Slackware Security Advisory - New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1, and 13.37 to fix security issues. Related CVE Numbers: CVE-2011-4128,CVE-2012-1569,CVE-2012-1573,CVE-2013-1619,CVE-2013-2116.
13905ed94cfe14682c1c5c14c16132d41f098ff84047a15e976344d2814c839dVMware Security Advisory 2012-0013 - VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.
ab37b6926b046653acdeeef66e7c85baGentoo Linux Security Advisory 201206-18 - Multiple vulnerabilities have been found in GnuTLS, allowing a remote attacker to perform man-in-the-middle or Denial of Service attacks. Versions less than 2.12.18 are affected.
c75c8a7a91c5efaf8a508739dcbabd15dd3969086e8b5d633124183f164ef053Ubuntu Security Notice 1418-1 - Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption. Matthew Hall discovered that the GnuTLS library incorrectly handled TLS records. A remote attacker could crash client and server applications, leading to a denial of service, by sending a crafted TLS record. Various other issues were also addressed.
13bc1e954c5707a74014e86b9b7592f3b622b5e97b35e85f4312492b2cad81f0Mandriva Linux Security Advisory 2012-045 - Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service via a large SessionTicket. The updated packages have been patched to correct this issue.
9d3027f3aebc071f3740544e88a82db2c4435c748db9687f95fffe022c747c8eRed Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.
501c1430723c183990aa23d2ad91107cca4dcdaf2c0b1b2c34ceca0d912eefd3Red Hat Security Advisory 2012-0428-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer.
1474501c578f805f223062c5d3b5a64942c2f200a99dc5147eb491ba6624c86b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed