Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871532
Category:Red Hat Local Security Checks
Title:RedHat Update for gnutls RHSA-2016:0012-01
Summary:The remote host is missing an update for the 'gnutls'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'gnutls'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The GnuTLS library provides support for
cryptographic algorithms and for protocols such as Transport Layer Security (TLS).

A flaw was found in the way TLS 1.2 could use the MD5 hash function for
signing ServerKeyExchange and Client Authentication packets during a TLS
handshake. A man-in-the-middle attacker able to force a TLS connection to
use the MD5 hash function could use this flaw to conduct collision attacks
to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)

All gnutls users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all applications linked to the GnuTLS library must be restarted.

Affected Software/OS:
gnutls on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-7575
BugTraq ID: 79684
http://www.securityfocus.com/bid/79684
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Debian Security Information: DSA-3436 (Google Search)
http://www.debian.org/security/2016/dsa-3436
Debian Security Information: DSA-3437 (Google Search)
http://www.debian.org/security/2016/dsa-3437
Debian Security Information: DSA-3457 (Google Search)
http://www.debian.org/security/2016/dsa-3457
Debian Security Information: DSA-3458 (Google Search)
http://www.debian.org/security/2016/dsa-3458
Debian Security Information: DSA-3465 (Google Search)
http://www.debian.org/security/2016/dsa-3465
Debian Security Information: DSA-3491 (Google Search)
http://www.debian.org/security/2016/dsa-3491
Debian Security Information: DSA-3688 (Google Search)
http://www.debian.org/security/2016/dsa-3688
https://security.gentoo.org/glsa/201701-46
https://security.gentoo.org/glsa/201706-18
https://security.gentoo.org/glsa/201801-15
RedHat Security Advisories: RHSA-2016:0049
http://rhn.redhat.com/errata/RHSA-2016-0049.html
RedHat Security Advisories: RHSA-2016:0050
http://rhn.redhat.com/errata/RHSA-2016-0050.html
RedHat Security Advisories: RHSA-2016:0053
http://rhn.redhat.com/errata/RHSA-2016-0053.html
RedHat Security Advisories: RHSA-2016:0054
http://rhn.redhat.com/errata/RHSA-2016-0054.html
RedHat Security Advisories: RHSA-2016:0055
http://rhn.redhat.com/errata/RHSA-2016-0055.html
RedHat Security Advisories: RHSA-2016:0056
http://rhn.redhat.com/errata/RHSA-2016-0056.html
RedHat Security Advisories: RHSA-2016:1430
https://access.redhat.com/errata/RHSA-2016:1430
http://www.securitytracker.com/id/1034541
http://www.securitytracker.com/id/1036467
SuSE Security Announcement: SUSE-SU-2016:0256 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
SuSE Security Announcement: SUSE-SU-2016:0265 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
SuSE Security Announcement: SUSE-SU-2016:0269 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
SuSE Security Announcement: openSUSE-SU-2015:2405 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html
SuSE Security Announcement: openSUSE-SU-2016:0007 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html
SuSE Security Announcement: openSUSE-SU-2016:0161 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html
SuSE Security Announcement: openSUSE-SU-2016:0162 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html
SuSE Security Announcement: openSUSE-SU-2016:0263 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
SuSE Security Announcement: openSUSE-SU-2016:0268 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
SuSE Security Announcement: openSUSE-SU-2016:0270 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
SuSE Security Announcement: openSUSE-SU-2016:0272 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
SuSE Security Announcement: openSUSE-SU-2016:0279 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
SuSE Security Announcement: openSUSE-SU-2016:0307 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
SuSE Security Announcement: openSUSE-SU-2016:0308 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
SuSE Security Announcement: openSUSE-SU-2016:0488 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html
SuSE Security Announcement: openSUSE-SU-2016:0605 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html
http://www.ubuntu.com/usn/USN-2863-1
http://www.ubuntu.com/usn/USN-2864-1
http://www.ubuntu.com/usn/USN-2865-1
http://www.ubuntu.com/usn/USN-2866-1
http://www.ubuntu.com/usn/USN-2884-1
http://www.ubuntu.com/usn/USN-2904-1
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.