Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2018-1335)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-1693)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-10844

It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

Ubuntu 16.04 LTS / 18.04 LTS : GnuTLS update (USN-4233-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4233-1 advisory. As a security improvement, this update marks SHA1 as being untrusted for digital signature operations. Tenable has extracted the preceding description...

USN-4233-1: GnuTLS update

As a security improvement, this update marks SHA1 as being untrusted for digital signature operations...

USN-4233-1 gnutls28 update

As a security improvement, this update marks SHA1 as being untrusted for digital signature operations...

CVE-2018-10845

It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

CVE-2018-10846

A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of "Just in Time" Prime+probe and Lucky-13 attacks to recover plain text in a cross-VM attack scenario...

CVE-2015-8313

GnuTLS incorrectly validates the first byte of padding in CBC modes...

Code injection

GnuTLS incorrectly validates the first byte of padding in CBC modes...

CVE-2015-8313

CVE-2015-8313 affects GnuTLS: the first padding byte in CBC mode is not correctly validated, enabling a MITM POODLE-style attack to potentially reveal plaintext. Connected sources show this vulnerability cited in multiple advisories (Debian DLA-364-1, SUSE/SUSE-SU-2016:0077-1, IBM FSM bulletin, N...

CVE-2015-8313

GnuTLS incorrectly validates the first byte of padding in CBC modes...

CVE-2015-8313

GnuTLS incorrectly validates the first byte of padding in CBC modes...

Security Bulletin: Multiple Vulnerabilities in GnuTLS affects IBM Watson Studio Local

Summary Multiple Vulnerabilities in GnuTLS affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2018-10844 DESCRIPTION: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct...

EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-2590)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have...

EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-2432)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have...

EulerOS Virtualization for ARM 64 3.0.3.0 : gnutls (EulerOS-SA-2019-2324)

According to the versions of the gnutls packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption double free vulnerability in...

GnuTLS Certificate Verification Use after Free (CVE-2019-3829)

A use-after-free vulnerability exists in the GnuTLS library. The vulnerability is due to improper handling of signatures when processing X.509 certificates. A remote attacker can exploit this vulnerability in GnuTLS by sending a crafted X.509 certificate to a target application. Successful...

gnutls security, bug fix, and enhancement update

3.6.8-8 - Use fallback random function for RSA blinding in FIPS selftests 3.6.8-7 - Fix deterministic signature creation in selftests 3.6.8-6 - Treat login error more gracefully when enumerating PKCS11 tokens 1705478 - Use deterministic ECDSA/DSA in FIPS selftests 1716560 - Add...

glib2 security, bug fix, and enhancement update

2.56.4-7 - Backport patch for CVE-2019-12450 Resolves: 1722101 2.56.4-5 - Backport glib2 change needed for accountsservice dbus codegen fix Resolves: 1713081 2.56.4-4 - Back GHmac with GnuTLS for FIPS - Resolves: 1630260 2.56.4-3 - Backport per-desktop overrides - Resolves: 1715951 2.56.4-2 - Add...