Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2017-1203)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2017-1204)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2017-1204)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could...

EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1203)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could...

RedHat Update for gnutls RHSA-2017:2292-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : gnutls (RHSA-2017:2292)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2292 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as...

Moderate: Red Hat Security Advisory: gnutls security, bug fix, and enhancement update

An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

The vulnerability of the `ckd_pk_get_keyid` function in the `lib/opencdk/pubkey.c` component of the operating system OpenSUSE Leap and the GnuTLS library allows a attacker to cause undefined behavior.

The vulnerability of the ckpkggetkeyid function in the lib/opencdk/pubkey.c component of the OpenSUSE Leap operating system and the GnuTLS library is caused by a buffer overflow in the stack. Exploiting this vulnerability could allow an attacker, operating remotely, to exert unpredictable effects...

USN-3318-1 gnutls26, gnutls28 vulnerabilities

Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. CVE-2017-7507 I...

Amazon Linux AMI : gnutls (ALAS-2017-815)

A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. CVE-2016-8610...

gnutls: Heap read overflow in read-packet.c

Multiple heap-based buffer overflows in the readattribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate...

Ubuntu 14.04 LTS : GnuTLS vulnerability (USN-3183-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3183-2 advisory. USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04...

USN-3183-2: GnuTLS vulnerability

USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Original advisory details: Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remo...

Security update for gnutls (important)

This update for gnutls fixes the following security issues: - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates GNUTLS-SA-2017-2, bsc1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336 - GnuTLS could have falsely accepted certificates when using OCSP...

SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:0348-1)

This update for gnutls fixes the following security issues : - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates GNUTLS-SA-2017-2, bsc1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336 - GnuTLS could have falsely accepted certificates when using OCSP...

Ubuntu 14.04 LTS / 16.04 LTS : GnuTLS vulnerabilities (USN-3183-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3183-1 advisory. Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this iss...

GnuPG 1.4.12 and lower - memory access errors and keyring database corruption

Versions of GnuPG = 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults or has other memory access violations when importing the key. The key m...