Moderate: gnutls and nettle security, bug fix, and enhancement update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2021-2632)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : gnutls (EulerOS-SA-2021-2632)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences...

NewStart CGSL MAIN 6.02 : gnutls Vulnerability (NS-SA-2021-0133)

The remote NewStart CGSL host, running version MAIN 6.02, has gnutls packages installed that are affected by a vulnerability: - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve...

SSL/TLS: Renegotiation MITM Vulnerability (CVE-2009-3555)

The remote SSL/TLS service is prone to a man-in-the-middle MITM vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the GnuTLS cryptographic library, related to the repeated memory release mechanism, allows a hacker to cause a service failure.

The vulnerability of the GnuTLS cryptographic library is related to the repeated release of memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

Security Bulletin: Vulnerabilities in GnuTLS affect Power Hardware Management Console

Summary GnuTLS is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7869 DESCRIPTION: GnuTLS is vulnerable to a denial of service, caused by an integer overflow and heap-based buffer overflow in cdkpktread function in...

Security Bulletin: Vulnerabilities in GnuTLS affect Power Hardware Management Console (CVE-2015-8313, CVE-2015-2806 )

Summary GnuTLS is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2015-2806 DESCRIPTION: An unspecified error in libtasn1 related to asn1derdecoding has an unknown impact and attack vector. CVSS Base Score: 6.8 CVSS Temporal...

Security Bulletin: Vulnerability in GnuTLS affects Power Hardware Management Console ( CVE-2018-10845 CVE-2018-10844)

Summary It was found that GnuTLS's implementation of HMAC-SHA-384 and HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

openSUSE: Security Advisory for aria2 (openSUSE-SU-2021:1125-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for aria2 (moderate)

openSUSE Security Update: Security update for aria2 Announcement ID: openSUSE-SU-2021:1125-1 Rating: moderate References: 1189107 Cross-References: CVE-2019-3500 CVSS scores: CVE-2019-3500 NVD : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 openSUSE...

EulerOS 2.0 SP9 : gnutls (EulerOS-SA-2021-2271)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other...

EulerOS 2.0 SP9 : gnutls (EulerOS-SA-2021-2245)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2021-2245)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2021-2271)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 20.04 LTS : GnuTLS vulnerabilities (USN-5029-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5029-1 advisory. It was discovered that GnuTLS incorrectly handled sending certain extensions when being used as a client. A remote attacker could use this issue to cause...

Ubuntu: Security Advisory (USN-5029-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5029-1: GnuTLS vulnerabilities

It was discovered that GnuTLS incorrectly handled sending certain extensions when being used as a client. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-5029-1 gnutls28 vulnerabilities

It was discovered that GnuTLS incorrectly handled sending certain extensions when being used as a client. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...

Security Bulletin: Cloud Pak for Security has several security vulnerabilities addressed in the latest version

Summary Cloud Pak for Security CP4S v1.7.1.0 and older is vulnerable to multiple CVEs. These have been addressed in the latest product release, CP4S v1.7.2.0. Vulnerability Details CVEID: CVE-2021-20305 DESCRIPTION: Nettle could allow a remote attacker to bypass security restrictions, caused by a...