Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2013-197)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120088

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2013-197)

Resumen: The remote host is missing an update for the 'gnutls' package(s) announced via the ALAS-2013-197 advisory.

Descripción: Summary:
The remote host is missing an update for the 'gnutls' package(s) announced via the ALAS-2013-197 advisory.

Vulnerability Insight:
It was discovered that the fix for the CVE-2013-1619 issue introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. (CVE-2013-2116)

Affected Software/OS:
'gnutls' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1619
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
http://openwall.com/lists/oss-security/2013/02/05/24
RedHat Security Advisories: RHSA-2013:0588
http://rhn.redhat.com/errata/RHSA-2013-0588.html
http://secunia.com/advisories/57260
http://secunia.com/advisories/57274
SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
SuSE Security Announcement: SUSE-SU-2014:0322 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
SuSE Security Announcement: openSUSE-SU-2013:0807 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html
SuSE Security Announcement: openSUSE-SU-2014:0346 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html
http://www.ubuntu.com/usn/USN-1752-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2116
1028603
http://www.securitytracker.com/id/1028603
53911
http://secunia.com/advisories/53911
57260
57274
DSA-2697
http://www.debian.org/security/2013/dsa-2697
MDVSA-2013:171
http://www.mandriva.com/security/advisories?name=MDVSA-2013:171
RHSA-2013:0883
http://rhn.redhat.com/errata/RHSA-2013-0883.html
SUSE-SU-2013:1060
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html
SUSE-SU-2014:0320
SUSE-SU-2014:0322
USN-1843-1
http://www.ubuntu.com/usn/USN-1843-1
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754
http://www.gnutls.org/security.html#GNUTLS-SA-2013-2
https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120088
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2013-197)
Resumen:	The remote host is missing an update for the 'gnutls' package(s) announced via the ALAS-2013-197 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the ALAS-2013-197 advisory. Vulnerability Insight: It was discovered that the fix for the CVE-2013-1619 issue introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. (CVE-2013-2116) Affected Software/OS: 'gnutls' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1619 http://www.isg.rhul.ac.uk/tls/TLStiming.pdf http://openwall.com/lists/oss-security/2013/02/05/24 RedHat Security Advisories: RHSA-2013:0588 http://rhn.redhat.com/errata/RHSA-2013-0588.html http://secunia.com/advisories/57260 http://secunia.com/advisories/57274 SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html SuSE Security Announcement: SUSE-SU-2014:0322 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html SuSE Security Announcement: openSUSE-SU-2013:0807 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html SuSE Security Announcement: openSUSE-SU-2014:0346 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html http://www.ubuntu.com/usn/USN-1752-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-2116 1028603 http://www.securitytracker.com/id/1028603 53911 http://secunia.com/advisories/53911 57260 57274 DSA-2697 http://www.debian.org/security/2013/dsa-2697 MDVSA-2013:171 http://www.mandriva.com/security/advisories?name=MDVSA-2013:171 RHSA-2013:0883 http://rhn.redhat.com/errata/RHSA-2013-0883.html SUSE-SU-2013:1060 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html SUSE-SU-2014:0320 SUSE-SU-2014:0322 USN-1843-1 http://www.ubuntu.com/usn/USN-1843-1 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754 http://www.gnutls.org/security.html#GNUTLS-SA-2013-2 https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d
Copyright	Copyright (C) 2015 Greenbone AG