
4559 matches found

Slackware Linux
added 2022/07/29 8:3 p.m. · 49 views

[slackware-security] gnutls

New gnutls packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gnutls-3.7.7-i586-1slack15.0.txz: Upgraded. libgnutls: Fixed double free during verification of pkcs7 signatures. Reported by Jaak...

7.5 CVSS · 0.3 AI score · 0.00628 EPSS
Exploits: 0

RedhatCVE
added 2022/07/29 9:41 a.m. · 31 views

CVE-2022-2509

A vulnerability was found in gnutls. This issue is due to a double-free error that occurs during the verification of pkcs7 signatures in the gnutls_pkcs7_verify function...

7.5 CVSS · 3.3 AI score · 0.00628 EPSS
Exploits: 0 · References: 5

CNNVD
added 2022/07/29 12:0 a.m. · 1 views

GnuTLS Resource Management Error Vulnerability

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A resource management error vulnerability exists in GnuTLS that stems from a double release during gnutls_pkcs7_verify...

7.5 CVSS · 7 AI score · 0.00628 EPSS
Exploits: 0 · References: 34

Tenable Nessus
added 2022/07/29 12:0 a.m. · 31 views

Slackware Linux 15.0 / current gnutls Vulnerability (SSA:2022-210-01)

The version of gnutls installed on the remote host is prior to 3.7.7. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-210-01 advisory. - A vulnerability found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7...

7.5 CVSS · 7 AI score · 0.00628 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2022/07/18 12:0 a.m. · 35 views

SUSE SLES15 Security Update : gmp, gnutls, libnettle (SUSE-SU-2020:0948-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2020:0948-2 advisory. - GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-0...

7.4 CVSS · 6.8 AI score · 0.11487 EPSS
Exploits: 0 · References: 7

Tenable Nessus
added 2022/07/15 12:0 a.m. · 64 views

SUSE SLES15 Security Update : gnutls (SUSE-SU-2020:2864-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2020:2864-2 advisory. - An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is se...

7.5 CVSS · 7.5 AI score · 0.03633 EPSS
Exploits: 1 · References: 6

OSV
added 2022/07/14 3:14 p.m. · 6 views

SUSE-SU-2020:2864-2 Security update for gnutls

This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent CVE-2020-24659 bsc1176181 - FIPS: Implement ECDH requirements from SP800-56Arev3 bsc1176086 - FIPS: Use 2048 bit prime in DH selftest bsc1176086 - FIPS: Add TLS KDF selftest...

7.5 CVSS · 7.8 AI score · 0.03633 EPSS
Exploits: 1 · References: 5

FreeBSD
added 2022/07/07 12:0 a.m. · 25 views

gnutls -- double free vulnerability

The GnuTLS project reports: When gnutls_pkcs7_verify cannot verify signature against given trust list, it starts creating a chain of certificates starting from identified signer up to known root. During the creation of this chain the signer certificate gets freed which results in double free when t...

7.5 CVSS · 1.6 AI score · 0.00628 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/07/07 12:0 a.m. · 2 views

PT-2022-7559

Name of the Vulnerable Software and Affected Versions: GnuTLS affected versions not specified Description: A security flaw occurs due to a double free error during verification of pkcs7 signatures in the gnutls_pkcs7_verify function. This issue allows a remote attacker to cause a denial of service...

7.8 CVSS · 7 AI score · 0.00628 EPSS
Exploits: 0 · References: 72

Positive Technologies
added 2022/06/21 12:0 a.m. · 2 views

PT-2022-7528 · Gnutls +7

Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: The issue is related to the function gnutls_rnd in the GnuTLS package used by Samba, which generates insufficiently random values. This can potentially allow an attacker to gain access to...

7.5 CVSS · 6.3 AI score · 0.01153 EPSS
Exploits: 2 · References: 57

RedHat Linux
added 2022/06/07 3:25 p.m. · 73 views

Moderate: Red Hat Security Advisory: RHV Appliance (rhvm-appliance) security update [ovirt-4.5.0]

Updated RHV-M Appliance packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

6.5 CVSS · 6.9 AI score · 0.00284 EPSS
Exploits: 0 · References: 12

NCSC
added 2022/05/27 12:0 a.m. · 3 views

Vulnerabilities fixed in IBM MQ

IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in gzip, jackson-databind, libssh, gnutls, nettle and zlib and have been previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to gain...

8.8 CVSS · 6.7 AI score · 0.00813 EPSS
Exploits: 2

IBM Security Bulletins
added 2022/05/25 2:55 p.m. · 67 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from gzip, jackson-databind, libssh, gnutls, nettle and zlib

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.5-x packages gzip, libssh, gnutls, nettle, zlib and jackson-databind that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2021-3634 DESCRIPTION: libssh is...

8.8 CVSS · 9.3 AI score · 0.00813 EPSS
Exploits: 2 · Affected Software: 1

Kitploit
added 2022/04/22 4:10 a.m. · 43 views

Ecapture - Capture SSL/TLS Text Content Without CA Cert By eBPF

How eCapture works SSL/TLS text context capture, support openssl\gnutls\nsprnss libraries. bash audit, capture bash command for Host Security Audit. mysql query SQL audit, support mysqld 5.6\5.7\8.0, and MariaDB. eCapture Architecture eCapture User Manual Getting started use ELF binary file...

7.9 AI score
Exploits: 0 · References: 5

OpenVAS
added 2022/04/21 12:0 a.m. · 21 views

Slackware: Security Advisory (SSA:2017-011-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 8.8 AI score · 0.05592 EPSS
Exploits: 0 · References: 4

OpenVAS
added 2022/04/21 12:0 a.m. · 17 views

Slackware: Security Advisory (SSA:2016-254-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS · 6.6 AI score · 0.06692 EPSS
Exploits: 0 · References: 4

OpenVAS
added 2022/04/21 12:0 a.m. · 20 views

Slackware: Security Advisory (SSA:2013-287-03)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS · 7.1 AI score · 0.10166 EPSS
Exploits: 3 · References: 2

OpenVAS
added 2022/04/21 12:0 a.m. · 7 views

Slackware: Security Advisory (SSA:2019-086-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 · References: 2

OpenVAS
added 2022/04/21 12:0 a.m. · 6 views

Slackware: Security Advisory (SSA:2020-248-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 · References: 2

OpenVAS
added 2022/04/21 12:0 a.m. · 21 views

Slackware: Security Advisory (SSA:2014-156-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.2 AI score · 0.13715 EPSS
Exploits: 1 · References: 2