Test ID:	1.3.6.1.4.1.25623.1.0.881742
Category:	CentOS Local Security Checks
Title:	CentOS Update for gnutls CESA-2013:0883 centos6
Summary:	The remote host is missing an update for the 'gnutls'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the referenced advisory. Vulnerability Insight: The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. (CVE-2013-2116) Users of GnuTLS are advised to upgrade to these updated packages, which correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted. Affected Software/OS: gnutls on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2116 1028603 http://www.securitytracker.com/id/1028603 53911 http://secunia.com/advisories/53911 57260 http://secunia.com/advisories/57260 57274 http://secunia.com/advisories/57274 DSA-2697 http://www.debian.org/security/2013/dsa-2697 MDVSA-2013:171 http://www.mandriva.com/security/advisories?name=MDVSA-2013:171 RHSA-2013:0883 http://rhn.redhat.com/errata/RHSA-2013-0883.html SUSE-SU-2013:1060 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html SUSE-SU-2014:0320 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html SUSE-SU-2014:0322 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html USN-1843-1 http://www.ubuntu.com/usn/USN-1843-1 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754 http://www.gnutls.org/security.html#GNUTLS-SA-2013-2 https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d Common Vulnerability Exposure (CVE) ID: CVE-2013-1619 http://www.isg.rhul.ac.uk/tls/TLStiming.pdf http://openwall.com/lists/oss-security/2013/02/05/24 RedHat Security Advisories: RHSA-2013:0588 http://rhn.redhat.com/errata/RHSA-2013-0588.html SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search) SuSE Security Announcement: SUSE-SU-2014:0322 (Google Search) SuSE Security Announcement: openSUSE-SU-2013:0807 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html SuSE Security Announcement: openSUSE-SU-2014:0346 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html http://www.ubuntu.com/usn/USN-1752-1
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.