Important Photon OS Security Update - PHSA-2020-0324

Updates of 'gnutls', 'openssl' packages of Photon OS have been released...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0324

An update of 'openssl', 'gnutls' packages of Photon OS has been released...

Fedora: Security Advisory for mingw-gnutls (FEDORA-2020-0ab6656303)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 32 : mingw-gnutls (2020-0ab6656303)

https://lists.gnupg.org/pipermail/gnutls-help/2020-September/004669.ht ml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

[SECURITY] Fedora 32 Update: mingw-gnutls-3.6.15-1.fc32

GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...

Ubuntu: Security Advisory (USN-4491-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4491-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly handled certain alerts when being used with TLS 1.3 servers. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-4491-1 gnutls28 vulnerability

It was discovered that GnuTLS incorrectly handled certain alerts when being used with TLS 1.3 servers. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

...

Ubuntu 20.04 LTS : GnuTLS vulnerability (USN-4491-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4491-1 advisory. It was discovered that GnuTLS incorrectly handled certain alerts when being used with TLS 1.3 servers. A remote attacker could use this issue to cause GnuTLS to...

FreeBSD : GnuTLS -- NULL pointer dereference (2272e6f1-f029-11ea-838a-0011d823eebd)

The GnuTLS project reports : It was found by oss-fuzz that the server sending a 'norenegotiation' alert in an unexpected timing, followed by an invalid second handshake can cause a TLS 1.3 client to crash via a NULL pointer dereference. The crash happens in the application's error handling path,...

Slackware 14.2 / current : gnutls (SSA:2020-248-01)

New gnutls packages are available for Slackware 14.2 and -current to fix a security issue. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2020-248-01. The text itself is copyright C Slackware Linux, Inc...

Fedora 32 : gnutls (2020-4246288e21)

Update to the new upstream 3.6.15 release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenab...

Fedora: Security Advisory for gnutls (FEDORA-2020-4246288e21)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GLSA-202009-01 : GnuTLS: Denial of service

The remote host is affected by the vulnerability described in GLSA-202009-01 GnuTLS: Denial of service It was found that GnuTLS didnt handle norenegotiation alert properly. Impact : A remote attacker could entice a user to connect to a malicious TLS endpoint using an application linked against...

[SECURITY] Fedora 32 Update: gnutls-3.6.15-1.fc32

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, OpenPGP and...

Denial Of Service (DoS)

gnutls is vulnerable to denial of service DoS. The vulnerability exists as a server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The issue occurs where the gnutlsdeinit function i...

Vulnerability fixed in GnuTLS

A vulnerability has been fixed in GnuTLS. The vulnerability allows a remote malicious person who has access to a TLS server that the victim is connected to is able to cause a denial-of-service attack. To exploit the vulnerability the TLS connection must meet specific conditions. The developers of...

GnuTLS Denial of Service Vulnerability (CNVD-2020-51036)

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS versions prior to 3.6.15. An attacker exploiting this vulnerability could cause an application to crash...

GnuTLS: Denial of service

Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description It was found that GnuTLS didn’t handle “norenegotiation” alert properly. Impact A remote attacker could entice a user to connect to a malicious TLS endpoint using an application linked against GnuTLS,...