Test Kennung:	1.3.6.1.4.1.25623.1.0.871186
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Update for gnutls RHSA-2014:0684-01
Zusammenfassung:	The remote host is missing an update for the 'gnutls'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the referenced advisory. Vulnerability Insight: The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466) A NULL pointer dereference flaw was found in the way GnuTLS parsed X.509 certificates. A specially crafted certificate could cause a server or client application using GnuTLS to crash. (CVE-2014-3465) Red Hat would like to thank GnuTLS upstream for reporting these issues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466. Users of GnuTLS are advised to upgrade to these updated packages, which correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted. Affected Software/OS: gnutls on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3465 https://bugzilla.redhat.com/show_bug.cgi?id=1101734 http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003327.html http://lists.gnutls.org/pipermail/gnutls-help/2014-January/003326.html RedHat Security Advisories: RHSA-2014:0684 http://rhn.redhat.com/errata/RHSA-2014-0684.html http://secunia.com/advisories/59086 SuSE Security Announcement: openSUSE-SU-2014:0763 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html SuSE Security Announcement: openSUSE-SU-2014:0767 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3466 BugTraq ID: 67741 http://www.securityfocus.com/bid/67741 Debian Security Information: DSA-2944 (Google Search) http://www.debian.org/security/2014/dsa-2944 http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/ RedHat Security Advisories: RHSA-2014:0594 http://rhn.redhat.com/errata/RHSA-2014-0594.html RedHat Security Advisories: RHSA-2014:0595 http://rhn.redhat.com/errata/RHSA-2014-0595.html RedHat Security Advisories: RHSA-2014:0815 http://rhn.redhat.com/errata/RHSA-2014-0815.html http://www.securitytracker.com/id/1030314 http://secunia.com/advisories/58340 http://secunia.com/advisories/58598 http://secunia.com/advisories/58601 http://secunia.com/advisories/58642 http://secunia.com/advisories/59016 http://secunia.com/advisories/59021 http://secunia.com/advisories/59057 http://secunia.com/advisories/59408 http://secunia.com/advisories/59838 http://secunia.com/advisories/60384 SuSE Security Announcement: SUSE-SU-2014:0758 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html SuSE Security Announcement: SUSE-SU-2014:0788 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html http://www.ubuntu.com/usn/USN-2229-1
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.