Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.831635
Category:Mandrake Local Security Checks
Title:Mandriva Update for gnutls MDVSA-2012:040 (gnutls)
Summary:The remote host is missing an update for the 'gnutls'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'gnutls'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability has been found and corrected in GnuTLS:

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before
3.0.15 does not properly handle data encrypted with a block cipher,
which allows remote attackers to cause a denial of service (heap
memory corruption and application crash) via a crafted record, as
demonstrated by a crafted GenericBlockCipher structure (CVE-2012-1573).

The updated packages have been patched to correct this issue.

The GnuTLS packages for Mandriva Linux 2011 has been upgraded to the
2.12.8 version due to problems with the test suite while building
it, additionally a new dependency was added on p11-kit for the PKCS
#11 support.

Affected Software/OS:
gnutls on Mandriva Linux 2011.0,
Mandriva Enterprise Server 5.2,
Mandriva Linux 2010.1

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1573
BugTraq ID: 52667
http://www.securityfocus.com/bid/52667
Bugtraq: 20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1 (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
Debian Security Information: DSA-2441 (Google Search)
http://www.debian.org/security/2012/dsa-2441
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:040
http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912
http://www.openwall.com/lists/oss-security/2012/03/21/4
http://www.openwall.com/lists/oss-security/2012/03/21/5
http://osvdb.org/80259
RedHat Security Advisories: RHSA-2012:0429
http://rhn.redhat.com/errata/RHSA-2012-0429.html
RedHat Security Advisories: RHSA-2012:0488
http://rhn.redhat.com/errata/RHSA-2012-0488.html
RedHat Security Advisories: RHSA-2012:0531
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://www.securitytracker.com/id?1026828
http://secunia.com/advisories/48488
http://secunia.com/advisories/48511
http://secunia.com/advisories/48596
http://secunia.com/advisories/48712
http://secunia.com/advisories/57260
SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
http://www.ubuntu.com/usn/USN-1418-1
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.