Test ID:	1.3.6.1.4.1.25623.1.0.56359
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-986-1)
Summary:	The remote host is missing an update for the Debian 'gnutls11' package(s) announced via the DSA-986-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'gnutls11' package(s) announced via the DSA-986-1 advisory. Vulnerability Insight: Evgeny Legerov discovered several out-of-bounds memory accesses in the DER decoding component of the Tiny ASN.1 Library, which is also present and used in GnuTLS, the GNU implementation for Transport Layer Security (TLS) 1.0 and Secure Sockets Layer (SSL) 3.0 protocols and which allows attackers to crash the DER decoder and possibly execute arbitrary code. The old stable distribution (woody) is not affected by these problems. For the stable distribution (sarge) these problems have been fixed in version 1.0.16-13.2. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your gnutls packages. Affected Software/OS: 'gnutls11' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0645 1015612 http://securitytracker.com/id?1015612 16568 http://www.securityfocus.com/bid/16568 18794 http://secunia.com/advisories/18794 18815 http://secunia.com/advisories/18815 18830 http://secunia.com/advisories/18830 18832 http://secunia.com/advisories/18832 18898 http://secunia.com/advisories/18898 18918 http://secunia.com/advisories/18918 19080 http://secunia.com/advisories/19080 19092 http://secunia.com/advisories/19092 2006-0008 http://www.trustix.org/errata/2006/0008 20060209 ProtoVer SSL: GnuTLS http://www.securityfocus.com/archive/1/424538/100/0/threaded 23054 http://www.osvdb.org/23054 446 http://securityreason.com/securityalert/446 ADV-2006-0496 http://www.vupen.com/english/advisories/2006/0496 DSA-985 http://www.debian.org/security/2006/dsa-985 DSA-986 http://www.debian.org/security/2006/dsa-986 FEDORA-2006-107 http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html GLSA-200602-08 http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml MDKSA-2006:039 http://www.mandriva.com/security/advisories?name=MDKSA-2006:039 RHSA-2006:0207 http://rhn.redhat.com/errata/RHSA-2006-0207.html USN-251-1 https://usn.ubuntu.com/251-1/ [gnutls-dev] 20060209 GnuTLS 1.2.10 - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html [gnutls-dev] 20060209 GnuTLS 1.3.4 - Experimental - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html [gnutls-dev] 20060209 Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html gnutls-libtasn1-der-dos(24606) https://exchange.xforce.ibmcloud.com/vulnerabilities/24606 http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch http://www.gleg.net/protover_ssl.shtml oval:org.mitre.oval:def:10540 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.