Test ID: | 1.3.6.1.4.1.25623.1.0.881942 |
Category: | CentOS Local Security Checks |
Title: | CentOS Update for gnutls CESA-2014:0594 centos5 |
Summary: | The remote host is missing an update for the 'gnutls' package(s) announced via the referenced advisory. |
Description: |

Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the referenced advisory.

Vulnerability Insight: The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions.

A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466)

It was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code. (CVE-2014-3468)

Multiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash. (CVE-2014-3467)

Multiple NULL pointer dereference flaws were found in libtasn1's asn1_read_value() function. Specially crafted ASN.1 input could cause an application using libtasn1 to crash, if the application used the aforementioned function in a certain way. (CVE-2014-3469)

Red Hat would like to thank GnuTLS upstream for reporting these issues. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter of CVE-2014-3466.

Users of GnuTLS are advised to upgrade to these updated packages, which correct these issues. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.

Affected Software/OS: gnutls on CentOS 5

Solution: Please install the updated packages.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2014-3466
BugTraq ID: 67741 http://www.securityfocus.com/bid/67741
Debian Security Information: DSA-2944 http://www.debian.org/security/2014/dsa-2944
http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
RedHat Security Advisories: RHSA-2014:0594 http://rhn.redhat.com/errata/RHSA-2014-0594.html
RedHat Security Advisories: RHSA-2014:0595 http://rhn.redhat.com/errata/RHSA-2014-0595.html
RedHat Security Advisories: RHSA-2014:0684 http://rhn.redhat.com/errata/RHSA-2014-0684.html
RedHat Security Advisories: RHSA-2014:0815 http://rhn.redhat.com/errata/RHSA-2014-0815.html
http://www.securitytracker.com/id/1030314
http://secunia.com/advisories/58340
http://secunia.com/advisories/58598
http://secunia.com/advisories/58601
http://secunia.com/advisories/58642
http://secunia.com/advisories/59016
http://secunia.com/advisories/59021
http://secunia.com/advisories/59057
http://secunia.com/advisories/59086
http://secunia.com/advisories/59408
http://secunia.com/advisories/59838
http://secunia.com/advisories/60384
SuSE Security Announcement: SUSE-SU-2014:0758 http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html
SuSE Security Announcement: SUSE-SU-2014:0788 http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html
SuSE Security Announcement: openSUSE-SU-2014:0763 http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html
SuSE Security Announcement: openSUSE-SU-2014:0767 http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html
http://www.ubuntu.com/usn/USN-2229-1

Common Vulnerability Exposure (CVE) ID: CVE-2014-3467
Debian Security Information: DSA-3056 http://www.debian.org/security/2014/dsa-3056
http://www.mandriva.com/security/advisories?name=MDVSA-2015:116
http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html
RedHat Security Advisories: RHSA-2014:0596 http://rhn.redhat.com/errata/RHSA-2014-0596.html
RedHat Security Advisories: RHSA-2014:0687 http://rhn.redhat.com/errata/RHSA-2014-0687.html
http://secunia.com/advisories/58591
http://secunia.com/advisories/58614
http://secunia.com/advisories/60320
http://secunia.com/advisories/60415
http://secunia.com/advisories/61888

Common Vulnerability Exposure (CVE) ID: CVE-2014-3468

Common Vulnerability Exposure (CVE) ID: CVE-2014-3469 |
Copyright | Copyright (C) 2014 Greenbone AG |