FreeBSD : GnuTLS -- double free, invalid pointer access (fb30db8f-62af-11e9-b0de-001cc0382b2f)

The GnuTLS project reports : - Tavis Ormandy from Google Project Zero found a memory corruption double free vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. - It was found using the TLS...

Critical Photon OS Security Update - PHSA-2019-0224

Updates of 'PyYAML', 'linux', 'gnutls', 'libxslt', 'linux-esx' packages of Photon OS have been released...

[SECURITY] Fedora 30 Update: glib-networking-2.60.1-2.fc30

This package contains modules that extend the networking support in GIO. In particular, it contains libproxy- and GSettings-based GProxyResolver implementations and a gnutls-based GTlsConnection implementation...

GLSA-201904-14 : GnuTLS: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201904-14 GnuTLS: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact : Please review the CVE identifiers referenced below for...

GnuTLS: Multiple vulnerabilities

Background GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact Please review the CVE...

EulerOS Virtualization 2.5.3 : libtasn1 (EulerOS-SA-2019-1162)

According to the version of the libtasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Two errors in the 'asn1findnode' function lib/parseraux.c within GnuTLS libtasn1 version 4.10 can be exploited to cause a...

F5 Networks BIG-IP : GnuTLS vulnerability (K54022413)

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. CVE-2015-0294 Impact GnuTLS does not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different flaw, can lead to a bypass of...

EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1172)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification...

EulerOS Virtualization 2.5.4 : gnutls (EulerOS-SA-2019-1203)

According to the version of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use...

F5 Networks BIG-IP : GnuTLS vulnerability (K53330207)

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is 1 not yet valid or 2 no longer valid. CVE-2014-8155 Impact GnuTLS does not check activation a...

Fedora Update for gnutls FEDORA-2019-46df367eed

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

MGASA-2019-0134 Updated gnutls packages fix security vulnerability

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption double free vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. CVE-2019-3829...

Updated gnutls packages fix security vulnerability

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption double free vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. CVE-2019-3829...

[SECURITY] Fedora 28 Update: gnutls-3.6.5-3.fc28

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, OpenPGP and...

[ASA-201904-2] gnutls: multiple issues

Arch Linux Security Advisory ASA-201904-2 ========================================= Severity: Critical Date : 2019-04-05 CVE-ID : CVE-2019-3829 CVE-2019-3836 Package : gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-945 Summary ======= The package gnutls befor...

Fedora 28 : gnutls (2019-46df367eed)

Security fix for CVE-2019-3829 and CVE-2019-3836 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

EulerOS Virtualization 2.5.3 : gnutls (EulerOS-SA-2019-1272)

According to the version of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could u...

EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1136)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to...

EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-1112)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to...

CVE-2019-3836

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages...