Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2014:0322-1
HistoryMar 04, 2014 - 1:07 a.m.

Security update for gnutls (critical)

2014-03-0401:07:15
lists.opensuse.org
14

0.862 High

EPSS

Percentile

98.3%

JSON

The GnuTLS library received a critical security fix and
other updates:

  • CVE-2014-0092: The X.509 certificate verification had
    incorrect error handling, which could lead to broken
    certificates marked as being valid.
  • CVE-2009-5138: A verification problem in handling V1
    certificates could also lead to V1 certificates incorrectly
    being handled.
  • CVE-2013-2116: The _gnutls_ciphertext2compressed
    function in lib/gnutls_cipher.c in GnuTLS allowed remote
    attackers to cause a denial of service (buffer over-read
    and crash) via a crafted padding length.
  • CVE-2013-1619: Timing attacks against hashing of
    padding was fixed which might have allowed disclosure of
    keys. (Lucky13 attack).

Also the following non-security bugs have been fixed:

  • gnutls doesn’t like root CAs without Basic
    Constraints. Permit V1 Certificate Authorities properly
    (bnc#760265)
  • memory leak in PSK authentication (bnc#835760)
OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server LTSS11.1s390xgnutls< 2.4.1-24.39.49.1gnutls-2.4.1-24.39.49.1.s390x.rpm
SUSE Linux Enterprise Server LTSS11.1i586gnutls< 2.4.1-24.39.49.1gnutls-2.4.1-24.39.49.1.i586.rpm
SUSE Linux Enterprise Server LTSS11.1i586libgnutls26< 2.4.1-24.39.49.1libgnutls26-2.4.1-24.39.49.1.i586.rpm
SUSE Linux Enterprise Server LTSS11.1s390xlibgnutls26< 2.4.1-24.39.49.1libgnutls26-2.4.1-24.39.49.1.s390x.rpm
SUSE Linux Enterprise Server LTSS11.1x86_64gnutls< 2.4.1-24.39.49.1gnutls-2.4.1-24.39.49.1.x86_64.rpm
SUSE Linux Enterprise Server LTSS11.1x86_64libgnutls26< 2.4.1-24.39.49.1libgnutls26-2.4.1-24.39.49.1.x86_64.rpm
SUSE Linux Enterprise Server LTSS11.1s390xlibgnutls26-32bit< 2.4.1-24.39.49.1libgnutls26-32bit-2.4.1-24.39.49.1.s390x.rpm
SUSE Linux Enterprise Server LTSS11.1x86_64libgnutls-extra26< 2.4.1-24.39.49.1libgnutls-extra26-2.4.1-24.39.49.1.x86_64.rpm
SUSE Linux Enterprise Server LTSS11.1i586libgnutls-extra26< 2.4.1-24.39.49.1libgnutls-extra26-2.4.1-24.39.49.1.i586.rpm
SUSE Linux Enterprise Server LTSS11.1s390xlibgnutls-extra26< 2.4.1-24.39.49.1libgnutls-extra26-2.4.1-24.39.49.1.s390x.rpm
Rows per page:
1-10 of 111

Related

openvas 69
oraclelinux 4
nessus 56
suse 11
centos 4
redhat 5
ibm 4
fedora 11
amazon 3
gentoo 1
altlinux 2
f5 3
securityvulns 5
slackware 4
veracode 3
checkpoint_advisories 2
debian 2
ubuntu 2
prion 1
ubuntucve 1
mageia 1
debiancve 1
checkpoint_security 1
seebug 1
cve 1
ics 1
openvas
openvas
SUSE: Security Advisory for gnutls (SUSE-SU-2014:0322-1)
2015-10-16 00:00:00
RedHat Update for gnutls RHSA-2014:0247-01
2014-03-04 00:00:00
RedHat Update for gnutls RHSA-2014:0247-01
2014-03-04 00:00:00
oraclelinux
oraclelinux
gnutls security update
2014-03-03 00:00:00
gnutls security update
2014-03-03 00:00:00
gnutls security update
2013-05-30 00:00:00
nessus
nessus
Scientific Linux Security Update : gnutls on SL5.x i386/x86_64 (20140303)
2014-03-04 00:00:00
CentOS 5 : gnutls (CESA-2014:0247)
2014-03-05 00:00:00
RHEL 5 : gnutls (RHSA-2014:0247)
2014-03-04 00:00:00
suse
suse
Security update for gnutls (critical)
2014-03-04 01:06:51
Security update for gnutls (critical)
2014-03-04 01:08:22
Security update for gnutls (critical)
2014-03-04 01:04:17
centos
centos
gnutls security update
2014-03-04 20:51:10
gnutls security update
2013-05-30 18:50:13
gnutls security update
2013-03-04 22:46:23
redhat
redhat
(RHSA-2014:0247) Important: gnutls security update
2014-03-03 00:00:00
(RHSA-2013:0883) Important: gnutls security update
2013-05-30 00:00:00
(RHSA-2013:0588) Moderate: gnutls security update
2013-03-04 00:00:00
ibm
ibm
Security Bulletin: IBM Platform Cluster Manager – Standard Edition (CVE-2014-0092, CVE-2009-5138)
2022-09-26 04:02:25
Security Bulletin: IBM WebSphere Application Server Hypervisor GnuTLS certificate security bypass CVE-2014-0092
2021-06-03 15:23:50
Security Bulletin: TS3000 code level v7.x affected by Open Source GnuTLS cyrpto issue (CVE-2014-0092)
2022-08-20 00:54:31
fedora
fedora
[SECURITY] Fedora 17 Update: mingw-gnutls-2.12.23-2.fc17
2013-06-11 09:10:43
[SECURITY] Fedora 18 Update: mingw-gnutls-2.12.23-2.fc18
2013-06-11 09:01:09
[SECURITY] Fedora 18 Update: gnutls-2.12.23-2.fc18
2013-06-11 09:08:17
amazon
amazon
Important: gnutls
2013-06-11 22:44:00
Medium: gnutls
2013-03-14 22:04:00
Important: gnutls
2014-03-06 14:58:00
gentoo
gentoo
GnuTLS: Multiple vulnerabilities
2013-10-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package gnutls30 version 2.12.23-alt2
2014-03-05 00:00:00
Security fix for the ALT Linux 9 package gnutls30 version 2.12.23-alt2
2014-03-05 00:00:00
f5
f5
SOL15623 - GnuTLS vulnerability CVE-2009-5138
2014-09-26 00:00:00
K15160 : GnuTLS vulnerability CVE-2014-0092
2014-12-12 00:00:00
SOL15160 - GnuTLS vulnerability CVE-2014-0092
2014-04-10 00:00:00
securityvulns
securityvulns
gnutls DoS
2013-06-03 00:00:00
[ MDVSA-2013:171 ] gnutls
2013-06-03 00:00:00
[USN-1752-1] GnuTLS vulnerability
2013-03-02 00:00:00
slackware
slackware
[slackware-security] gnutls
2013-10-15 00:18:30
[slackware-security] gnutls
2013-08-30 07:46:14
[slackware-security] gnutls
2013-08-30 20:25:45
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:54:18
Information Leakage
2019-01-15 08:58:55
Man-in-the-Middle (MitM)
2019-01-15 08:58:04
checkpoint_advisories
checkpoint_advisories
GnuTLS TLS Record Decoding Out-of-bounds Memory Access (CVE-2013-2116)
2013-08-25 00:00:00
GnuTLS Certificate Verification Policy Bypass (CVE-2014-0092)
2014-05-08 00:00:00
debian
debian
[SECURITY] [DSA 2697-1] gnutls26 security update
2013-05-29 19:59:26
[SECURITY] [DSA 2869-1] gnutls26 security update
2014-03-03 20:14:51
ubuntu
ubuntu
GnuTLS vulnerability
2013-05-29 00:00:00
GnuTLS vulnerability
2013-02-27 00:00:00
prion
prion
Code injection
2014-03-07 00:10:00
ubuntucve
ubuntucve
CVE-2014-0092
2014-03-03 00:00:00
mageia
mageia
Updated gnutls packages fix security vulnerability
2014-03-04 00:07:34
debiancve
debiancve
CVE-2014-0092
2014-03-07 00:10:00
checkpoint_security
checkpoint_security
Check Point response to GnuTLS certificate verification vulnerability (CVE-2014-0092)
2014-03-04 22:00:00
seebug
seebug
GnuTLS证书验证安全限制绕过漏洞
2014-03-05 00:00:00
cve
cve
CVE-2014-0092
2014-03-07 00:10:00
ics
ics
Siemens RuggedCom ROX-based Devices Certificate Verification Vulnerability (Update A)
2018-09-06 12:00:00

0.862 High

EPSS

Percentile

98.3%

JSON
Related for SUSE-SU-2014:0322-1
openvas69oraclelinux4nessus56suse11centos4redhat5ibm4fedora11amazon3gentoo1altlinux2f53securityvulns5slackware4veracode3checkpoint_advisories2debian2ubuntu2prion1ubuntucve1mageia1debiancve1checkpoint_security1seebug1cve1ics1