gnutls -- RSA Signature Forgery Vulnerability

Secunia reports: A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the verification of certain signatures. If a RSA key with exponent 3 is used, it may be possible to forg...

CentOS 4 : gnutls (CESA-2006:0207)

Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GNU TLS Library provides support for cryptographic algorithms and protocols such as TLS. GN...

CentOS 4 : gnutls (CESA-2005:430)

Updated GnuTLS packages that fix a remote denial of service vulnerability are available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library implements Secure Sockets Layer SSL v3 and Transport Laye...

[SECURITY] [DSA 985-1] New libtasn1-2 packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 985-1 [email protected] http://www.debian.org/security/ Martin Schulze March 6th, 2006 http://www.debian.org/security/faq -...

libtasn1 tiny ASN.1 library / GnuTLS TLS implementation multiple security issues

Out-of-bounds access and buffer overflows in DER decoding...

DSA-986-1 gnutls11 - buffer overflows

Bulletin has no description...

Mandrake Linux Security Advisory : gnutls (MDKSA-2006:039)

Evgeny Legerov discovered cases of possible out-of-bounds access in the DER decoding schemes of libtasn1, when provided with invalid input. This library is bundled with gnutls. The provided packages have been patched to correct these issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Th...

Fedora Core 4 : gnutls-1.0.25-2.FC4 (2006-107)

Fri Feb 10 2006 Martin Stransky 1.0.25-2.FC4 - fix for CVE-2006-0645 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

RHEL 4 : gnutls (RHSA-2006:0207)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2006:0207 advisory. - - libtasn1 buffer overflow CVE-2006-0645 Note that Nessus has not tested for this issue but has instead relied only on the application's...

gnutls security update

CentOS Errata and Security Advisory CESA-2006:0207 Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GNU TLS Library provides support for...

- libtasn1 buffer overflow

Tiny ASN.1 Library libtasn1 before 0.2.18, as used by 1 GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and 2 GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test...

CVE-2006-0645

Tiny ASN.1 Library libtasn1 before 0.2.18, as used by 1 GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and 2 GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test...

Design/Logic Flaw

Tiny ASN.1 Library libtasn1 before 0.2.18, as used by 1 GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and 2 GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test...

CVE-2006-0645

Tiny ASN.1 Library libtasn1 before 0.2.18, as used by 1 GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and 2 GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test...

[gnutls-dev] Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release

All, this release fixes several serious bugs that would make the DER decoder in libtasn1 crash on invalid input. The problems were reported by Evgeny Legerov on the 31th of January. New releases of GnuTLS will follow later today. We invite more detailed analysis of the problem, following our...

CVE-2004-2531

X.509 Certificate Signature Verification in Gnu transport layer security library GnuTLS 1.0.16 allows remote attackers to cause a denial of service CPU consumption via certificates containing long chains and signed with large RSA keys...

CVE-2004-2531

X.509 certificate verification in GnuTLS 1.0.16 can be exploited by sending RSA certificates with very large modulus/exponent values to cause resource exhaustion and a denial of service. The CERT advisory notes cross‑vendor impact and that patches/updates have been released by vendors; apply the ...

RHEL 4 : gnutls (RHSA-2005:430)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2005:430 advisory. The GnuTLS library implements Secure Sockets Layer SSL v3 and Transport Layer Security TLS v1 protocols. A denial of service bug was found in the GnuT...

gnutls security update

CentOS Errata and Security Advisory CESA-2005:430 Updated GnuTLS packages that fix a remote denial of service vulnerability are available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library...

Moderate: Red Hat Security Advisory: gnutls security update

Updated GnuTLS packages that fix a remote denial of service vulnerability are available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library implements Secure Sockets Layer SSL v3 and Transport Laye...