4564 matches found

OSV
added 2020/10/06 8:34 a.m. | 10 views

SUSE-SU-2020:2864-1 Security update for gnutls

This update for gnutls fixes the following issues:
- Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659, bsc#1176181)
- FIPS: Implement ECDH requirements from SP800-56Arev3 (bsc#1176086)
- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086)
- FIPS: Add TLS KDF selftest...

CVSS 7.5 | AI score 7.8 | EPSS 0.03633
Exploits: 1 | References: 5
OSV
added 2020/09/30 10:1 a.m. | 7 views

MGASA-2020-0379 Updated gnutls packages fix security vulnerability

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...

CVSS 7.5 | AI score 7.4 | EPSS 0.03633
Exploits: 1 | References: 4
Mageia
added 2020/09/30 10:1 a.m. | 29 views

Updated gnutls packages fix security vulnerability

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...

CVSS 7.5 | AI score 7.6 | EPSS 0.03633
Exploits: 1 | References: 3
Tenable Nessus
added 2020/09/30 12:0 a.m. | 40 views

Photon OS 3.0: Gnutls PHSA-2020-3.0-0146

An update of the gnutls package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0146. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid14109...

CVSS 7.5 | AI score 7.9 | EPSS 0.03633
Exploits: 1 | References: 2
BDU FSTEC
added 2020/09/29 12:0 a.m. | 1 views

The vulnerability of the get_cert_name function (gnutls.c) in the application for connecting to virtual private networks via OpenConnect allows a perpetrator to cause a service failure or execute arbitrary code.

The vulnerability of the get_cert_name function (gnutls.c) in applications for connecting to virtual private networks via OpenConnect is related to buffer overflow vulnerabilities. Exploiting this vulnerability could allow a remote attacker to cause service failures or execute arbitrary code...

CVSS 10 | EPSS 0.01863
Exploits: 1 | References: 12 | Affected Software: 6
OpenVAS
added 2020/09/29 12:0 a.m. | 14 views

Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2020-2109)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.2 | EPSS 0.0479
Exploits: 0 | References: 2
Photon
added 2020/09/29 12:0 a.m. | 28 views

Important Photon OS Security Update - PHSA-2020-3.0-0146

Updates of 'gnutls' packages of Photon OS have been released...

CVSS 7.5 | AI score 1.7 | EPSS 0.03633
Exploits: 1
Photon
added 2020/09/29 12:0 a.m. | 32 views

Important Photon OS Security Update - PHSA-2020-0146

Updates of 'gnutls' packages of Photon OS have been released...

CVSS 5 | AI score 1.7 | EPSS 0.03633
Exploits: 1
Tenable Nessus
added 2020/09/28 12:0 a.m. | 30 views

EulerOS 2.0 SP3 : mutt (EulerOS-SA-2020-2109)

According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. (CVE-2020-14093)
- Mutt before 1.14.4 and NeoMutt befo...

CVSS 5.9 | AI score 6.3 | EPSS 0.0479
Exploits: 0 | References: 4
OpenVAS
added 2020/09/26 12:0 a.m. | 23 views

Fedora: Security Advisory for mingw-gnutls (FEDORA-2020-de51ee7cc9)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.7 | EPSS 0.03633
Exploits: 1 | References: 2
OpenVAS
added 2020/09/26 12:0 a.m. | 7 views

Fedora: Security Advisory for gnutls (FEDORA-2020-d12739ca45)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2
Fedora
added 2020/09/25 5:15 p.m. | 30 views

[SECURITY] Fedora 33 Update: mingw-gnutls-3.6.15-1.fc33

GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...

CVSS 7.5 | AI score 2.4 | EPSS 0.03633
Exploits: 1
Fedora
added 2020/09/25 5:15 p.m. | 14 views

[SECURITY] Fedora 33 Update: gnutls-3.6.15-1.fc33

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and...

AI score 3
Exploits: 0
Microsoft CVE
added 2020/09/25 7:0 a.m. | 4 views

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)

...

CVSS 9.8 | AI score 8.9 | EPSS 0.0156
Exploits: 1
Tenable Nessus
added 2020/09/21 12:0 a.m. | 24 views

Photon OS 2.0: Gnutls PHSA-2020-2.0-0285

An update of the gnutls package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0285. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid14071...

CVSS 7.4 | AI score 7 | EPSS 0.11487
Exploits: 0 | References: 2
Tenable Nessus
added 2020/09/21 12:0 a.m. | 26 views

Photon OS 1.0: Gnutls PHSA-2020-1.0-0324

An update of the gnutls package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0324. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid14071...

CVSS 7.4 | AI score 7 | EPSS 0.11487
Exploits: 0 | References: 2
Tenable Nessus
added 2020/09/21 12:0 a.m. | 13 views

Fedora 31 : gnutls (2020-30cd8d9ad6)

Update to the new upstream 3.6.15 release.
----
- Fix memory leak when serializing iovec_t (#1845083)
- Fix automatic libraries sonames detection (#1845806)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...

AI score 5.5
Exploits: 0 | References: 1
OpenVAS
added 2020/09/20 12:0 a.m. | 6 views

Fedora: Security Advisory for gnutls (FEDORA-2020-30cd8d9ad6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2
Fedora
added 2020/09/19 10:45 p.m. | 8 views

[SECURITY] Fedora 31 Update: gnutls-3.6.15-1.fc31

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and...

AI score 3
Exploits: 0
Microsoft CVE
added 2020/09/17 7:0 a.m. | 2 views

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing and then an invalid second handshake occurs. The crash happens in the application's error handling path where the gnutls_deinit function is called after detecting a handshake failure.

...

CVSS 7.5 | AI score 7 | EPSS 0.03633
Exploits: 1