[SECURITY] Fedora 19 Update: gnutls-3.1.15-1.fc19

GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implem ents the proposed standards by the IETF's TLS working group...

Fedora 19 : gnutls-3.1.15-1.fc19 (2013-20052)

New minor upstream release fixing a security issue. Adds ECC NIST Suite B curves support ECDH, ECDSA Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

GLSA-201310-18 : GnuTLS: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201310-18 GnuTLS: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and Lucky Thirteen research paper referenced below for details. Impact : A remote attacker could...

Fedora Update for gnutls FEDORA-2013-20052

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for gnutls FEDORA-2013-20052

Check for the Version of gnutls OpenVAS Vulnerability Test Fedora Update for gnutls FEDORA-2013-20052 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Description Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers and Lucky Thirteen research paper referenced below for details. Impact A remote attacker could sent a...

FreeBSD : gnutls -- denial of service (9065b930-3d8b-11e3-bd1a-e840f2096bd0)

Salvatore Bonaccorso reports : This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that returns more 4 DANE entries could corrupt the memory of a requesting client. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

gnutls -- denial of service

Salvatore Bonaccorso reports: This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that returns more 4 DANE entries could corrupt the memory of a requesting client...

[slackware-security] gnutls

New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1, and 13.37 to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/gnutls-2.10.5-i486-2slack13.37.txz: Rebuilt. Updated to the correct version to fix fetching the "latest" from gnu.org...

Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 : gnutls (SSA:2013-287-03)

New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1, and 13.37 to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2013-287-03. The text itself is...

Amazon Linux AMI : libtasn1 (ALAS-2012-60)

A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input such as an X.509 certificate that, when parsed by an application that uses libtasn1 such as applications using GnuTLS, could cause the application to crash. CVE-2012-1569 C Tenable...

Amazon Linux AMI : gnutls (ALAS-2013-172)

It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle...

Amazon Linux AMI : gnutls (ALAS-2012-59)

A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. CVE-2012-1573 A boundary error was found in the gnutlssessiongetdata function. A malicious...

Amazon Linux AMI : gnutls (ALAS-2013-197)

It was discovered that the fix for the CVE-2013-1619 issue introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. CVE-2013-2116 C...

Slackware 14.0 / current : gnutls (SSA:2013-242-03)

New gnutls packages are available for Slackware 14.0 and -current to fix a security issue. Sorry about having to reissue this one -- I pulled it from ftp.gnu.org not realizing that the latest version there was actually months out of date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Slackware 14.0 / current : gnutls (SSA:2013-242-01)

New gnutls packages are available for Slackware 14.0, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2013-242-01. The text itself is copyright C...

[slackware-security] gnutls

New gnutls packages are available for Slackware 14.0 and -current to fix a security issue. Sorry about having to reissue this one -- I pulled it from ftp.gnu.org not realizing that the latest version there was actually months out of date. Here are the details from the Slackware 14.0 ChangeLog:...

[slackware-security] gnutls

New gnutls packages are available for Slackware 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/gnutls-3.0.26-i486-1slack14.0.txz: Upgraded. This update prevents a side-channel attack which may allow remote attackers to conduct...

GnuTLS TLS Record Decoding Out-of-bounds Memory Access (CVE-2013-2116)

An out-of-bounds memory access vulnerability has been found in GnuTLS...

VMSA-2013-0009 VMware ESX and ESXi updates to third party libraries

VMware has updated several third party libraries in ESX and ESXi to address multiple security vulnerabilities. OpenVAS Vulnerability Test $Id: gbVMSA-2013-0009.nasl 6074 2017-05-05 09:03:14Z teissa $ VMSA-2013-0009 VMware ESX and ESXi updates to third party libraries Authors: Michael Meyer...