
Test ID: 1.3.6.1.4.1.25623.1.0.120285
Category: Amazon Linux Local Security Checks
Title: Amazon Linux: Security Advisory (ALAS-2015-575)
Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the ALAS-2015-575 advisory.
Description:
Summary:
The remote host is missing an update for the 'gnutls' package(s) announced via the ALAS-2015-575 advisory.

Vulnerability Insight:
It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. (CVE-2014-8155)

It was found that GnuTLS did not verify whether a hashing algorithm listed in a signature matched the hashing algorithm listed in the certificate. An attacker could create a certificate that used a different hashing algorithm than it claimed, possibly causing GnuTLS to use an insecure, disallowed hashing algorithm during certificate verification. (CVE-2015-0282)

It was discovered that GnuTLS did not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different flaw, could possibly lead to a bypass of the certificate signature check. (CVE-2015-0294)

Affected Software/OS:
'gnutls' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2014-8155
BugTraq ID: 73317
http://www.securityfocus.com/bid/73317
RHSA-2015:1457
http://rhn.redhat.com/errata/RHSA-2015-1457.html
https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c
https://support.f5.com/csp/article/K53330207
Common Vulnerability Exposure (CVE) ID: CVE-2015-0282
BugTraq ID: 73119
http://www.securityfocus.com/bid/73119
Debian Security Information: DSA-3191
http://www.debian.org/security/2015/dsa-3191
RedHat Security Advisories: RHSA-2015:1457
http://www.securitytracker.com/id/1032148
Common Vulnerability Exposure (CVE) ID: CVE-2015-0294
https://bugzilla.redhat.com/show_bug.cgi?id=1196323
https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff
Copyright: Copyright (C) 2015 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.