A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

...

CVE-2022-2509 affecting package gnutls for versions less than 3.7.7-1

CVE-2022-2509 affecting package gnutls for versions less than 3.7.7-1. An upgraded version of the package is available that resolves this issue...

ALSA-2022:6224 Moderate: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: crehash script allows command injection CVE-2022-1292 openssl: Signer certificate verification...

Rocky Linux 8 : gnutls and nettle (RLSA-2021:4451)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4451 advisory. - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated...

Vulnerability fixed in GnuTLS

A vulnerability has been fixed in GnuTLS. An unauthenticated remote malicious party could potentially exploit the vulnerability to cause a denial-of-service or execute arbitrary code execute with the application's privileges. The vulnerability was found in the PKCS 7 authentication code. In doing...

SUSE: Security Advisory (SUSE-SU-2022:2919-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2022:2919-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2919-1 advisory. - A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification...

openSUSE: Security Advisory for gnutls (SUSE-SU-2022:2919-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2022:2919-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification bsc1202020. Non-security fixes: - FIPS: Check minimum keylength for symmetric key generation bsc1190698 - FIPS: Only allows ECDSA signature with valid set of hashes SHA2 and SHA...

Ubuntu: Security Advisory (USN-348-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2022-0301)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-4903-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5079-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3309-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated gnutls packages fix security vulnerability

A double free error occurs during verification of pkcs7 signatures in gnutlspkcs7verify function. CVE-2022-2509...

MGASA-2022-0301 Updated gnutls packages fix security vulnerability

A double free error occurs during verification of pkcs7 signatures in gnutlspkcs7verify function. CVE-2022-2509...

SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2022:2882-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2882-1 advisory. - A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification...

SUSE: Security Advisory (SUSE-SU-2022:2882-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for gnutls (SUSE-SU-2022:2882-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

USN-5550-1: GnuTLS vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only...