Test ID:	1.3.6.1.4.1.25623.1.1.10.2014.0458
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2014-0458)
Summary:	The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2014-0458 advisory.
Description:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2014-0458 advisory. Vulnerability Insight: An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application (CVE-2014-8564). Affected Software/OS: 'gnutls' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8564 RedHat Security Advisories: RHSA-2014:1846 http://rhn.redhat.com/errata/RHSA-2014-1846.html http://secunia.com/advisories/59991 http://secunia.com/advisories/62284 http://secunia.com/advisories/62294 SuSE Security Announcement: openSUSE-SU-2014:1472 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html http://www.ubuntu.com/usn/USN-2403-1
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.