ID de Prueba:	1.3.6.1.4.1.25623.1.0.831635
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for gnutls MDVSA-2012:040 (gnutls)
Resumen:	The remote host is missing an update for the 'gnutls'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been found and corrected in GnuTLS: gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure (CVE-2012-1573). The updated packages have been patched to correct this issue. The GnuTLS packages for Mandriva Linux 2011 has been upgraded to the 2.12.8 version due to problems with the test suite while building it, additionally a new dependency was added on p11-kit for the PKCS #11 support. Affected Software/OS: gnutls on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1 Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1573 BugTraq ID: 52667 http://www.securityfocus.com/bid/52667 Bugtraq: 20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html Debian Security Information: DSA-2441 (Google Search) http://www.debian.org/security/2012/dsa-2441 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:040 http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/ http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912 http://www.openwall.com/lists/oss-security/2012/03/21/4 http://www.openwall.com/lists/oss-security/2012/03/21/5 http://osvdb.org/80259 RedHat Security Advisories: RHSA-2012:0429 http://rhn.redhat.com/errata/RHSA-2012-0429.html RedHat Security Advisories: RHSA-2012:0488 http://rhn.redhat.com/errata/RHSA-2012-0488.html RedHat Security Advisories: RHSA-2012:0531 http://rhn.redhat.com/errata/RHSA-2012-0531.html http://www.securitytracker.com/id?1026828 http://secunia.com/advisories/48488 http://secunia.com/advisories/48511 http://secunia.com/advisories/48596 http://secunia.com/advisories/48712 http://secunia.com/advisories/57260 SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html http://www.ubuntu.com/usn/USN-1418-1
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.