RedHat Update for gnutls RHSA-2014:0595-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for gnutls FEDORA-2014-6891

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for gnutls (openSUSE-SU-2014:0763-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for gnutls CESA-2014:0594 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GnuTLS X.509 Version 1 Intermediate Certificate Policy Bypass (CVE-2014-1959)

A policy-bypass vulnerability has been found in GnuTLS. The vulnerability is due to an error in lib/x509/verify.c where an X.509 version 1 certificate is incorrectly treated as an intermediate CA certificate. A remote attacker could exploit this vulnerability to bypass certificate validation...

GnuTLS Server Hello Session ID Heap Buffer Overflow (CVE-2014-3466)

A remote code execution vulnerability has been reported in GnuTLS. A remote attacker can exploit this vulnerability by sending a specially crafted ServerHello handshake message to an affected GnuTLS server...

gnutls: Fixed possible memory corruption (important)

gnutls was patched to fix security vulnerability that could be used to disrupt service or potentially allow remote code execution. - Memory corruption during connect CVE-2014-3466 - NULL pointer dereference in gnutlsx509dnoidname CVE-2014-3465...

gnutls: Fixed possible memory corruption and NULL pointer dereference (important)

gnutls was patched to fix two security vulnerabilities that could be used to disrupt service or potentially allow remote code execution. - Memory corruption during connect CVE-2014-3466 - NULL pointer dereference in gnutlsx509dnoidname CVE-2014-3465...

[slackware-security] gnutls

New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/gnutls-3.1.25-i486-1slack14.1.txz: Upgraded. A security issue has been corrected in gnutls. This vulnerabili...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : gnutls (SSA:2014-156-01)

New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-156-01. The text...

DEBIAN-CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service out-of-bounds read via crafted ASN.1 data...

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service out-of-bounds read via crafted ASN.1 data...

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service out-of-bounds read via crafted ASN.1 data...

Out-of-bounds

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service out-of-bounds read via crafted ASN.1 data...

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service out-of-bounds read via crafted ASN.1 data...

CVE-2014-3467

GNUTLS/library libtasn1 vulnerability CVE-2014-3467 is due to multiple issues in the DER decoder of GNU Libtasn1 up to version 3.5.x (pre-3.6), exploited by crafted ASN.1 data to cause a denial of service via out-of-bounds read. The issue is confirmed in multiple advisories (F5 SOL15423, ALAS-201...

Fedora 20 : gnutls-3.1.25-1.fc20 (2014-6891)

Added fix for CVE-2014-3466 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

CentOS 5 : gnutls (CESA-2014:0594)

Updated gnutls packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Important: gnutls

Issue Overview: A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using...

SuSE 11.3 Security Update : gnutls (SAT Patch Number 9320)

GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed. Further information is available at http://www.gnutls.org/security.htmlGNUTLS-SA-2014-3 These security issues have been fixed : -...