the original cloud security
Showing 1 - 9 of 9 RSS Feed

CVE-2012-1573

Status Candidate

Overview

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

Related Files

Slackware Security Advisory - gnutls Updates
Posted Oct 16, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1, and 13.37 to fix security issues. Related CVE Numbers: CVE-2011-4128,CVE-2012-1569,CVE-2012-1573,CVE-2013-1619,CVE-2013-2116.

tags | advisory
systems | linux, slackware
advisories | CVE-2011-4128, CVE-2012-1569, CVE-2012-1573, CVE-2013-1619, CVE-2013-2116
MD5 | ca406d63a198137dc5ca0a1143a150d5
Gentoo Linux Security Advisory 201206-18
Posted Jun 23, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-18 - Multiple vulnerabilities have been found in GnuTLS, allowing a remote attacker to perform man-in-the-middle or Denial of Service attacks. Versions less than 2.12.18 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2730, CVE-2009-3555, CVE-2011-4128, CVE-2012-1573
MD5 | 44796bd189ac29a95fc21d07ba8b22ad
Red Hat Security Advisory 2012-0531-01
Posted May 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0531-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1, could cause the application to crash.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-0864, CVE-2012-1569, CVE-2012-1573
MD5 | 49fa800e9d557cdd668681bb30c7bdf2
Red Hat Security Advisory 2012-0488-01
Posted Apr 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0488-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0864, CVE-2012-1569, CVE-2012-1573
MD5 | f1e17b1405022b76c3461d937ea67009
Ubuntu Security Notice USN-1418-1
Posted Apr 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1418-1 - Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption. Matthew Hall discovered that the GnuTLS library incorrectly handled TLS records. A remote attacker could crash client and server applications, leading to a denial of service, by sending a crafted TLS record. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-4128, CVE-2012-1573, CVE-2011-4128, CVE-2012-1573
MD5 | 1b4345011546b31df45e939a80cba711
Mandriva Linux Security Advisory 2012-040
Posted Mar 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-040 - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. The updated packages have been patched to correct this issue. The GnuTLS packages for Mandriva Linux 2011 has been upgraded to the 2.12.8 version due to problems with the test suite while building it, additionally a new dependency was added on p11-kit for the PKCS #11 support.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1573
MD5 | eff5bc41065a2ae7bbc8b34c9df3c8bc
Red Hat Security Advisory 2012-0429-01
Posted Mar 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.

tags | advisory, remote, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2011-4128, CVE-2012-1573
MD5 | 54b74ddd5981eec1a2ef266668b9f83f
Red Hat Security Advisory 2012-0428-01
Posted Mar 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0428-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4128, CVE-2012-1569, CVE-2012-1573
MD5 | 765c01a1a7095fb564e5f4803e7ab78e
Debian Security Advisory 2441-1
Posted Mar 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2441-1 - Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library.

tags | advisory
systems | linux, debian
advisories | CVE-2012-1573
MD5 | fa34c6fcce4f02ffb1e2da5749b77c8b
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close