4466 matches found
UBUNTU-CVE-2015-0294
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate...
CVE-2015-0294
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate...
mod-gnutls 'gnutls_hooks.c' security bypass vulnerability
mod_gnutls is an extension to the GnuTLS library used by Apache for httpd to provide HTTPS. A security bypass vulnerability exists in mod-gnutls 'gnutls_hooks.c' that allows attackers to bypass certain security restrictions and perform unauthorized operations...
Oracle Solaris Third-Party Patch Update : gnutls (cve_2012_1573_denial_of)
The remote Solaris system is missing necessary patches to address security updates: - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory...
Oracle Solaris Third-Party Patch Update : gnutls (multiple_vulnerabilities_in_gnutls)
The remote Solaris system is missing necessary patches to address security updates: - The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509...
Oracle Solaris Third-Party Patch Update : gnutls (cve_2013_1619_cryptographic_issues)
The remote Solaris system is missing necessary patches to address security updates : - The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of...
Oracle Solaris Third-Party Patch Update : gnutls (cve_2011_4128_buffer_overflow)
The remote Solaris system is missing necessary patches to address security updates: - Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remot...
Oracle Solaris Third-Party Patch Update : gnutls (cve_2014_0092_cryptographic_issues)
The remote Solaris system is missing necessary patches to address security updates : - lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoo...
SOL15970 - GnuTLS 3.x vulnerability CVE-2014-8564
Recommended Action: None. Supplemental Information: SOL9970: Subscribing to email notifications regarding F5 products; SOL9957: Creating a custom RSS feed to view new and updated documents; SOL4602: Overview of the F5 security vulnerability response policy; SOL4918: Overview of the F5 critical issue...
CVE-2014-8155
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid...
GnuTLS memory corruption
Memory corruption on ECC...
[ MDVSA-2014:215 ] gnutls
Mandriva Linux Security Advisory MDVSA-2014:215 http://www.mandriva.com/en/support/security/ Package: gnutls. Date: November 19, 2014. Affected: Business Server 1.0. Problem Description: Updated gnutls package fix security vulnerability: An out-of-boun...
openSUSE Security Update : gnutls (openSUSE-SU-2014:1472-1)
gnutls was updated to fix one security issue. This security issue was fixed: - Parsing problem in elliptic curve blobs over TLS that could lead to remote crashes (CVE-2014-8564).
Mandriva Linux Security Advisory : gnutls (MDVSA-2014:215)
Updated gnutls package fix security vulnerability: An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate...
RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488)
An updated rhev-hypervisor5 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are availabl...
Fedora 21 : gnutls-3.3.10-1.fc21 (2014-14734)
New upstream release. Security fix for CVE-2014-8564. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
[SECURITY] Fedora 21 Update: gnutls-3.3.10-1.fc21
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and...
MGASA-2014-0458 Updated gnutls package fix security vulnerability
An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application...
Updated gnutls package fix security vulnerability
An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application...
Fedora 20 : gnutls-3.1.28-1.fc20 (2014-14760)
Security fix for CVE-2014-8564. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.