Test ID:	1.3.6.1.4.1.25623.1.0.56247
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2006:0207
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2006:0207. The GNU TLS Library provides support for cryptographic algorithms and protocols such as TLS. GNU TLS includes Libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Several flaws were found in the way libtasn1 decodes DER. An attacker could create a carefully crafted invalid X.509 certificate in such a way that could trigger this flaw if parsed by an application that uses GNU TLS. This could lead to a denial of service (application crash). It is not certain if this issue could be escalated to allow arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0645 to this issue. In Red Hat Enterprise Linux 4, the GNU TLS library is only used by the Evolution client when connecting to an Exchange server or when publishing calendar information to a WebDAV server. Users are advised to upgrade to these updated packages, which contain a backported patch from the GNU TLS maintainers to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0207.html Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 16568 Common Vulnerability Exposure (CVE) ID: CVE-2006-0645 1015612 http://securitytracker.com/id?1015612 16568 http://www.securityfocus.com/bid/16568 18794 http://secunia.com/advisories/18794 18815 http://secunia.com/advisories/18815 18830 http://secunia.com/advisories/18830 18832 http://secunia.com/advisories/18832 18898 http://secunia.com/advisories/18898 18918 http://secunia.com/advisories/18918 19080 http://secunia.com/advisories/19080 19092 http://secunia.com/advisories/19092 2006-0008 http://www.trustix.org/errata/2006/0008 20060209 ProtoVer SSL: GnuTLS http://www.securityfocus.com/archive/1/424538/100/0/threaded 23054 http://www.osvdb.org/23054 446 http://securityreason.com/securityalert/446 ADV-2006-0496 http://www.vupen.com/english/advisories/2006/0496 DSA-985 http://www.debian.org/security/2006/dsa-985 DSA-986 http://www.debian.org/security/2006/dsa-986 FEDORA-2006-107 http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html GLSA-200602-08 http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml MDKSA-2006:039 http://www.mandriva.com/security/advisories?name=MDKSA-2006:039 RHSA-2006:0207 http://rhn.redhat.com/errata/RHSA-2006-0207.html USN-251-1 https://usn.ubuntu.com/251-1/ [gnutls-dev] 20060209 GnuTLS 1.2.10 - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html [gnutls-dev] 20060209 GnuTLS 1.3.4 - Experimental - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html [gnutls-dev] 20060209 Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html gnutls-libtasn1-der-dos(24606) https://exchange.xforce.ibmcloud.com/vulnerabilities/24606 http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch http://www.gleg.net/protover_ssl.shtml oval:org.mitre.oval:def:10540 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.