Test ID:	1.3.6.1.4.1.25623.1.0.881947
Category:	CentOS Local Security Checks
Title:	CentOS Update for gnutls CESA-2014:0595 centos6
Summary:	The remote host is missing an update for the 'gnutls'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the referenced advisory. Vulnerability Insight: The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466) Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter. Users of GnuTLS are advised to upgrade to these updated packages, which correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted. Affected Software/OS: gnutls on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3466 BugTraq ID: 67741 http://www.securityfocus.com/bid/67741 Debian Security Information: DSA-2944 (Google Search) http://www.debian.org/security/2014/dsa-2944 http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/ RedHat Security Advisories: RHSA-2014:0594 http://rhn.redhat.com/errata/RHSA-2014-0594.html RedHat Security Advisories: RHSA-2014:0595 http://rhn.redhat.com/errata/RHSA-2014-0595.html RedHat Security Advisories: RHSA-2014:0684 http://rhn.redhat.com/errata/RHSA-2014-0684.html RedHat Security Advisories: RHSA-2014:0815 http://rhn.redhat.com/errata/RHSA-2014-0815.html http://www.securitytracker.com/id/1030314 http://secunia.com/advisories/58340 http://secunia.com/advisories/58598 http://secunia.com/advisories/58601 http://secunia.com/advisories/58642 http://secunia.com/advisories/59016 http://secunia.com/advisories/59021 http://secunia.com/advisories/59057 http://secunia.com/advisories/59086 http://secunia.com/advisories/59408 http://secunia.com/advisories/59838 http://secunia.com/advisories/60384 SuSE Security Announcement: SUSE-SU-2014:0758 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html SuSE Security Announcement: SUSE-SU-2014:0788 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html SuSE Security Announcement: openSUSE-SU-2014:0763 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html SuSE Security Announcement: openSUSE-SU-2014:0767 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html http://www.ubuntu.com/usn/USN-2229-1
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.