Fedora Update for gnutls FEDORA-2016-c61cda2beb

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 23 Update: gnutls-3.4.13-1.fc23

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, OpenPGP and...

FreeBSD : gnutls -- file overwrite by setuid programs (9c196cfd-2ccc-11e6-94b0-0011d823eebd)

gnutls.org reports : Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXM...

CVE-2016-4456

The "GNUTLSKEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem...

gnutls -- file overwrite by setuid programs

gnutls.org reports: Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem...

GnuTLS DistinguishedName Decoding Double Free - ver 2 (CVE-2015-6251)

A double-free vulnerability has been reported in GnuTLS. The vulnerability is due to an error within gnutlsx509dntostring while processing very long Distinguished Name values in X.509 certificates. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted certificate ...

[SECURITY] Fedora 24 Update: glib-networking-2.48.1-1.fc24

This package contains modules that extend the networking support in GIO. In particular, it contains libproxy- and GSettings-based GProxyResolver implementations and a gnutls-based GTlsConnection implementation...

VMware ESX Multiple Vulnerabilities (VMSA-2010-0015) (remote check)

The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Berkeley DB NSS module - cURL / libcURL - GnuTLS - Network Security Services...

VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0009) (remote check)

The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - GnuTLS - Kernel - OpenSSL C Tenable Network Security, Inc. include'compat.inc'; if...

Fedora 23 : mingw-gnutls-3.4.9-1.fc23 / mingw-nettle-3.2-1.fc23 (2016-aa00f0631d)

Gnutls 3.4.9 and Nettle 3.2, security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)

The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and...

Ubuntu 14.04 LTS : GnuTLS update (USN-2913-4)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2913-4 advisory. USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package ...

USN-2913-4 gnutls26 update

USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. Original advisory details: The ca-certificates package contained outdated CA certificates. This update...

USN-2913-4: GnuTLS update

USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. Original advisory details: The ca-certificates package contained outdated CA certificates. This update...

[SECURITY] Fedora 23 Update: mingw-gnutls-3.4.9-1.fc23

GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...

Amazon Linux: Security Advisory (ALAS-2016-651)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : gnutls (ALAS-2016-651) (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

Medium: gnutls

Issue Overview: A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct...

USN-2865-1 GnuTLS vulnerability | Cloud Foundry

USN-2865-1 GnuTLS vulnerability Medium Vendor GnuTLS Versions Affected Ubuntu 14.04 Description Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this fl...

SUSE SLED11 / SLES11 Security Update : gnutls (SUSE-SU-2016:0077-1)

This update for gnutls fixes the following security issues : - CVE-2015-8313: First byte of the padding in CBC mode is not checked bsc957568 - CVE-2015-2806: Two-byte stack overflow in asn1derdecoding bsc924828 Note that Tenable Network Security has extracted the preceding description block...