VMSA-2013-0009 : VMware vSphere, ESX and ESXi updates to third-party libraries

a. vCenter Server and ESX userworld update for OpenSSL library The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2013-0169 and CVE-2013-0166 to these...

Important: Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update

An updated rhev-hypervisor6 package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Oracle Linux 5 / 6 : gnutls (ELSA-2013-0588)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0588 advisory. 2.8.5-10.1 - fix CVE-2013-1619 - fix TLS-CBC timing attack 908238 Tenable has extracted the preceding description block directly from the Oracle Linux...

Fedora 18 : mingw-gnutls-2.12.23-2.fc18 (2013-9783)

Fix for CVE-2013-2116. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Oracle Linux 5 / 6 : gnutls (ELSA-2013-0883)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0883 advisory. 2.8.5-10.2 - fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619 upstream patch 966754 Tenable has extracted the preceding description block directly fr...

Oracle Linux 5 : gnutls (ELSA-2008-0489)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0489 advisory. 1.4.1-3 - fix three security issues in gnutls handshake - GNUTLS-SA-2008-1 447461, 447462, 447463 Tenable has extracted the preceding description block...

Oracle Linux 5 : gnutls (ELSA-2012-0428)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0428 advisory. - fix CVE-2011-4128 - buffer overflow in gnutlssessiongetdata 752308 - fix CVE-2012-1569 - missing length check when decoding DER lengths 804920 Tenabl...

Oracle Linux 5 : gnutls (ELSA-2010-0166)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0166 advisory. - implement safe renegotiation - CVE-2009-3555 533125 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 4 : gnutls (ELSA-2008-0492)

From Red Hat Security Advisory 2008:0492 : Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for...

Fedora 17 : gnutls-2.12.23-2.fc17 (2013-9799)

Important security update - possible DoS of both client and server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Oracle Linux 4 : gnutls (ELSA-2006-0680)

From Red Hat Security Advisory 2006:0680 : Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographi...

Fedora 18 : gnutls-2.12.23-2.fc18 (2013-9792)

Important security update - possible DoS of both client and server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Oracle Linux 4 : gnutls (ELSA-2010-0167)

From Red Hat Security Advisory 2010:0167 : Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...

Oracle Linux 5 : gnutls (ELSA-2008-0982)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2008-0982 advisory. 1.4.1-3.1 - fix chain verification issue CVE-2008-4989 470079 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 6 : gnutls (ELSA-2012-0429)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0429 advisory. - fix CVE-2012-1573 - security issue in packet parsing 805432 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 5 : gnutls (ELSA-2009-1232)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1232 advisory. 1.4.1-3.5 - fix NUL characters in DN and SAN cert fields issue, make sure gnutlsx509crtcheckhostname fails when certificate has no CN or SAN CVE-2009-2730 51623...

Fedora 17 : mingw-gnutls-2.12.23-2.fc17 (2013-9774)

Fix for CVE-2013-2116. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

CVE-2013-2116

The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169...

Design/Logic Flaw

The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169...

CVE-2013-2116

The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169...