Test ID:	1.3.6.1.4.1.25623.1.1.10.2017.0212
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2017-0212)
Summary:	The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2017-0212 advisory.
Description:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2017-0212 advisory. Vulnerability Insight: GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. (CVE-2017-7869) GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. (CVE-2017-7507) Affected Software/OS: 'gnutls' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7507 99102 http://www.securityfocus.com/bid/99102 DSA-3884 http://www.debian.org/security/2017/dsa-3884 RHSA-2017:2292 https://access.redhat.com/errata/RHSA-2017:2292 https://www.gnutls.org/security.html#GNUTLS-SA-2017-4 Common Vulnerability Exposure (CVE) ID: CVE-2017-7869 BugTraq ID: 97040 http://www.securityfocus.com/bid/97040 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe RedHat Security Advisories: RHSA-2017:2292
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.