Test ID:	1.3.6.1.4.1.25623.1.1.4.2015.0675.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2015:0675-1)
Summary:	The remote host is missing an update for the 'gnutls' package(s) announced via the SUSE-SU-2015:0675-1 advisory.
Description:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the SUSE-SU-2015:0675-1 advisory. Vulnerability Insight: GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed. Further information is available at [link moved to references] <[link moved to references]> These security issues have been fixed: * Possible memory corruption during connect (CVE-2014-3466) * Multiple boundary check issues could allow DoS (CVE-2014-3467) * asn1_get_bit_der() can return negative bit length (CVE-2014-3468) * Possible DoS by NULL pointer dereference (CVE-2014-3469) Security Issue references: * CVE-2014-3466 <[link moved to references]> Affected Software/OS: 'gnutls' package(s) on SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server for SAP Applications 11-SP3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5138 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361 http://article.gmane.org/gmane.comp.security.oss.general/12223 http://thread.gmane.org/gmane.comp.security.oss.general/12127 RedHat Security Advisories: RHSA-2014:0247 http://rhn.redhat.com/errata/RHSA-2014-0247.html http://secunia.com/advisories/57254 http://secunia.com/advisories/57260 http://secunia.com/advisories/57274 http://secunia.com/advisories/57321 SuSE Security Announcement: SUSE-SU-2014:0319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html SuSE Security Announcement: SUSE-SU-2014:0322 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html SuSE Security Announcement: SUSE-SU-2014:0445 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html Common Vulnerability Exposure (CVE) ID: CVE-2013-2116 1028603 http://www.securitytracker.com/id/1028603 53911 http://secunia.com/advisories/53911 57260 57274 DSA-2697 http://www.debian.org/security/2013/dsa-2697 MDVSA-2013:171 http://www.mandriva.com/security/advisories?name=MDVSA-2013:171 RHSA-2013:0883 http://rhn.redhat.com/errata/RHSA-2013-0883.html SUSE-SU-2013:1060 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html SUSE-SU-2014:0320 SUSE-SU-2014:0322 USN-1843-1 http://www.ubuntu.com/usn/USN-1843-1 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754 http://www.gnutls.org/security.html#GNUTLS-SA-2013-2 https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d Common Vulnerability Exposure (CVE) ID: CVE-2014-0092 BugTraq ID: 65919 http://www.securityfocus.com/bid/65919 Debian Security Information: DSA-2869 (Google Search) http://www.debian.org/security/2014/dsa-2869 RedHat Security Advisories: RHSA-2014:0246 http://rhn.redhat.com/errata/RHSA-2014-0246.html RedHat Security Advisories: RHSA-2014:0288 http://rhn.redhat.com/errata/RHSA-2014-0288.html RedHat Security Advisories: RHSA-2014:0339 http://rhn.redhat.com/errata/RHSA-2014-0339.html http://secunia.com/advisories/56933 http://secunia.com/advisories/57103 http://secunia.com/advisories/57204 SuSE Security Announcement: SUSE-SU-2014:0321 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html SuSE Security Announcement: SUSE-SU-2014:0323 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html SuSE Security Announcement: SUSE-SU-2014:0324 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html SuSE Security Announcement: openSUSE-SU-2014:0325 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html SuSE Security Announcement: openSUSE-SU-2014:0328 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html SuSE Security Announcement: openSUSE-SU-2014:0346 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html http://www.ubuntu.com/usn/USN-2127-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3466 BugTraq ID: 67741 http://www.securityfocus.com/bid/67741 Debian Security Information: DSA-2944 (Google Search) http://www.debian.org/security/2014/dsa-2944 http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/ RedHat Security Advisories: RHSA-2014:0594 http://rhn.redhat.com/errata/RHSA-2014-0594.html RedHat Security Advisories: RHSA-2014:0595 http://rhn.redhat.com/errata/RHSA-2014-0595.html RedHat Security Advisories: RHSA-2014:0684 http://rhn.redhat.com/errata/RHSA-2014-0684.html RedHat Security Advisories: RHSA-2014:0815 http://rhn.redhat.com/errata/RHSA-2014-0815.html http://www.securitytracker.com/id/1030314 http://secunia.com/advisories/58340 http://secunia.com/advisories/58598 http://secunia.com/advisories/58601 http://secunia.com/advisories/58642 http://secunia.com/advisories/59016 http://secunia.com/advisories/59021 http://secunia.com/advisories/59057 http://secunia.com/advisories/59086 http://secunia.com/advisories/59408 http://secunia.com/advisories/59838 http://secunia.com/advisories/60384 SuSE Security Announcement: SUSE-SU-2014:0758 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html SuSE Security Announcement: SUSE-SU-2014:0788 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html SuSE Security Announcement: openSUSE-SU-2014:0763 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00007.html SuSE Security Announcement: openSUSE-SU-2014:0767 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00010.html http://www.ubuntu.com/usn/USN-2229-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3467 Debian Security Information: DSA-3056 (Google Search) http://www.debian.org/security/2014/dsa-3056 http://www.mandriva.com/security/advisories?name=MDVSA-2015:116 http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html RedHat Security Advisories: RHSA-2014:0596 http://rhn.redhat.com/errata/RHSA-2014-0596.html RedHat Security Advisories: RHSA-2014:0687 http://rhn.redhat.com/errata/RHSA-2014-0687.html http://secunia.com/advisories/58591 http://secunia.com/advisories/58614 http://secunia.com/advisories/60320 http://secunia.com/advisories/60415 http://secunia.com/advisories/61888 Common Vulnerability Exposure (CVE) ID: CVE-2014-3468 Common Vulnerability Exposure (CVE) ID: CVE-2014-3469 Common Vulnerability Exposure (CVE) ID: CVE-2014-8155 73317 http://www.securityfocus.com/bid/73317 RHSA-2015:1457 http://rhn.redhat.com/errata/RHSA-2015-1457.html https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c https://support.f5.com/csp/article/K53330207 Common Vulnerability Exposure (CVE) ID: CVE-2015-0282 BugTraq ID: 73119 http://www.securityfocus.com/bid/73119 Debian Security Information: DSA-3191 (Google Search) http://www.debian.org/security/2015/dsa-3191 RedHat Security Advisories: RHSA-2015:1457 http://www.securitytracker.com/id/1032148 Common Vulnerability Exposure (CVE) ID: CVE-2015-0294 https://bugzilla.redhat.com/show_bug.cgi?id=1196323 https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.