SUSE-SU-2016:0077-1 Security update for gnutls

This update for gnutls fixes the following security issues: - CVE-2015-8313: First byte of the padding in CBC mode is not checked bsc957568 - CVE-2015-2806: Two-byte stack overflow in asn1derdecoding bsc924828...

Scientific Linux Security Update : gnutls on SL6.x, SL7.x i386/x86_64 (20160107) (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

Ubuntu 14.04 LTS : GnuTLS vulnerability (USN-2865-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2865-1 advisory. Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to...

Ubuntu: Security Advisory (USN-2865-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2865-1: GnuTLS vulnerability

Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...

USN-2865-1 gnutls26, gnutls28 vulnerability

Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...

Moderate: Red Hat Security Advisory: gnutls security update

Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

OracleVM 3.3 : gnutls (OVMSA-2016-0004)

The remote OracleVM system is missing necessary patches to address critical security updates : - Prevent downgrade attack to RSA-MD5 in TLS 1.2 server key exchange 1289885 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security...

CentOS 6 / 7 : gnutls (CESA-2016:0012) (SLOTH)

Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

Oracle Linux 6 / 7 : gnutls (ELSA-2016-0012)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-0012 advisory. 3.3.8-14 - Prevent downgrade attack to RSA-MD5 in server key exchange. 3.3.8-13 - Corrected reseed and respect of maxnumberofbitsperrequest in FIPS140-2 mod...

RHEL 6 / 7 : gnutls (RHSA-2016:0012) (SLOTH)

Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

Oracle: Security Advisory (ELSA-2016-0012)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Update for gnutls RHSA-2016:0012-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for gnutls CESA-2016:0012 centos7

Check the version of gnutls SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882357";...

CentOS Update for gnutls CESA-2016:0012 centos6

Check the version of gnutls SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882366";...

gnutls security update

CentOS Errata and Security Advisory CESA-2016:0012 Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score,...

gnutls security update

3.3.8-14 - Prevent downgrade attack to RSA-MD5 in server key exchange. 3.3.8-13 - Corrected reseed and respect of maxnumberofbitsperrequest in FIPS140-2 mode. Also enhanced the initial tests. 1228199...

GnuTLS Padding Oracle Information Disclosure Vulnerability

GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols developed by Nikos Mavrogiannopoulos of Belgium and Simon Josefsson of Sweden, software developers. An information disclosure vulnerability exists in GnuTLS. An attacker could exploit this vulnerabilit...

DLA-364-1 gnutls26 - security update

Bulletin has no description...

CVE-2015-3276

The nssparseciphers function in libraries/libldap/tlsm.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors...