Test ID:	1.3.6.1.4.1.25623.1.1.4.2014.0788.2
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2014:0788-2)
Summary:	The remote host is missing an update for the 'GnuTLS' package(s) announced via the SUSE-SU-2014:0788-2 advisory.
Description:	Summary: The remote host is missing an update for the 'GnuTLS' package(s) announced via the SUSE-SU-2014:0788-2 advisory. Vulnerability Insight: GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally three issues inherited from libtasn1 have been fixed. Further information is available at [link moved to references] These security issues have been fixed: * Possible memory corruption during connect (CVE-2014-3466) * Multiple boundary check issues could allow DoS (CVE-2014-3467) * asn1_get_bit_der() can return negative bit length (CVE-2014-3468) * Possible DoS by NULL pointer dereference (CVE-2014-3469) Security Issue references: * CVE-2014-3466 Affected Software/OS: 'GnuTLS' package(s) on SUSE Linux Enterprise Server 10-SP3, SUSE Linux Enterprise Server 10-SP4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3466 BugTraq ID: 67741 http://www.securityfocus.com/bid/67741 Debian Security Information: DSA-2944 (Google Search) http://www.debian.org/security/2014/dsa-2944 http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/ RedHat Security Advisories: RHSA-2014:0594 http://rhn.redhat.com/errata/RHSA-2014-0594.html RedHat Security Advisories: RHSA-2014:0595 http://rhn.redhat.com/errata/RHSA-2014-0595.html RedHat Security Advisories: RHSA-2014:0684 http://rhn.redhat.com/errata/RHSA-2014-0684.html RedHat Security Advisories: RHSA-2014:0815 http://rhn.redhat.com/errata/RHSA-2014-0815.html http://www.securitytracker.com/id/1030314 http://secunia.com/advisories/58340 http://secunia.com/advisories/58598 http://secunia.com/advisories/58601 http://secunia.com/advisories/58642 http://secunia.com/advisories/59016 http://secunia.com/advisories/59021 http://secunia.com/advisories/59057 http://secunia.com/advisories/59086 http://secunia.com/advisories/59408 http://secunia.com/advisories/59838 http://secunia.com/advisories/60384 SuSE Security Announcement: SUSE-SU-2014:0758 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html SuSE Security Announcement: SUSE-SU-2014:0788 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html SuSE Security Announcement: openSUSE-SU-2014:0763 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html SuSE Security Announcement: openSUSE-SU-2014:0767 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html http://www.ubuntu.com/usn/USN-2229-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3467 Debian Security Information: DSA-3056 (Google Search) http://www.debian.org/security/2014/dsa-3056 http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html RedHat Security Advisories: RHSA-2014:0596 http://rhn.redhat.com/errata/RHSA-2014-0596.html RedHat Security Advisories: RHSA-2014:0687 http://rhn.redhat.com/errata/RHSA-2014-0687.html http://secunia.com/advisories/58591 http://secunia.com/advisories/58614 http://secunia.com/advisories/60320 http://secunia.com/advisories/60415 http://secunia.com/advisories/61888 Common Vulnerability Exposure (CVE) ID: CVE-2014-3468 Common Vulnerability Exposure (CVE) ID: CVE-2014-3469
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.