Mandrake Security Advisory MDVSA-2009:116 (gnutls)

The remote host is missing an update to gnutls announced via advisory MDVSA-2009:116. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Mandrake Security Advisory MDVSA-2009:116 (gnutls)

The remote host is missing an update to gnutls announced via advisory MDVSA-2009:116. OpenVAS Vulnerability Test $Id: mdksa2009116.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:116 gnutls Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...

GLSA-200905-04 : GnuTLS: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200905-04 GnuTLS: Multiple vulnerabilities The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free...

Gentoo Security Advisory GLSA 200905-04 (gnutls)

The remote host is missing updates announced in advisory GLSA 200905-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200905-04 (gnutls)

The remote host is missing updates announced in advisory GLSA 200905-04. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0 protocols. Description The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free...

GnuTLS -- multiple vulnerabilities

SecurityFocus reports: GnuTLS is prone to multiple remote vulnerabilities: A remote code-execution vulnerability. A denial-of-service vulnerability. A signature-generation vulnerability. A signature-verification vulnerability. An attacker can exploit these issues to potentially execute arbitrary...

gnutls multiple security vulnerabilities

DoS, certificate validation vulnerabilities...

Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116)

Multiple vulnerabilities has been found and corrected in gnutls : lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a...

[Full-disclosure] [ MDVSA-2009:116 ] gnutls

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:116 http://www.mandriva.com/security/ Package : gnutls Date : May 18, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0 Problem Description: Multiple vulnerabilities has been found and corrected in gnutls...

Slackware 12.0 / 12.1 / 12.2 / current : gnutls (SSA:2009-128-01)

New gnutls packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2009-128-01. The text itself is...

gnutls

New gnutls packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2009-1415 https://vulners.com/cve/CVE-2009-1416 Here are the...

GnuTLS库多个远程安全漏洞

BUGTRAQ ID: 34783 CVECAN ID: CVE-2009-1416,CVE-2009-1415,CVE-2009-1417 GnuTLS是用于实现TLS加密协议的函数库。 GnuTLS中的多个安全漏洞可能被远程利用执行欺骗攻击、绕过某些安全限制或导致拒绝服务。 1 处理无效DSA密钥中的错误可能导致释放无效内存，客户端应用可能会崩溃。 2 GnuTLS库生成的是RSA密钥而不是DSA密钥，而RSA密钥生成的是弱加密签名。 3 gnutls-cli应用没有正确地检查X.509证书的激活和过期日期，可能诱骗应用程序接受无效的证书。 0 GNU GnuTLS 2.6.6 GN...

CVE-2009-1417

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is 1 not yet valid or 2 no longer valid, related to lack of time checks in the gnutlsx509verifycertificate function...

Code injection

lib/gnutlspk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key...

CVE-2009-1416

lib/gnutlspk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key...

CVE-2009-1415

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a malformed DSA key that triggers a 1 free of an uninitialized pointe...

CVE-2009-1416

lib/gnutlspk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key...

Code injection

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is 1 not yet valid or 2 no longer valid, related to lack of time checks in the gnutlsx509verifycertificate function...

CVE-2009-1417

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is 1 not yet valid or 2 no longer valid, related to lack of time checks in the gnutlsx509verifycertificate function...