Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:106 (gnutls)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.60971

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:106 (gnutls)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to gnutls
announced via advisory MDVSA-2008:106.

Flaws discovered in versions prior to 2.2.4 (stable) and 2.3.10
(development) of GnuTLS allow an attacker to cause denial of service
(application crash), and maybe (so far undetermined) execute arbitrary
code.

The updated packages have been patched to fix these flaws.

Note that any applications using this library must be restarted for
the update to take effect.

Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:106

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-1948
BugTraq ID: 29292
http://www.securityfocus.com/bid/29292
Bugtraq: 20080520 Vulnerability Advisory on GnuTLS (Google Search)
http://www.securityfocus.com/archive/1/492282/100/0/threaded
Bugtraq: 20080522 rPSA-2008-0174-1 gnutls (Google Search)
http://www.securityfocus.com/archive/1/492464/100/0/threaded
CERT/CC vulnerability note: VU#111034
http://www.kb.cert.org/vuls/id/111034
Debian Security Information: DSA-1581 (Google Search)
http://www.debian.org/security/2008/dsa-1581
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html
http://security.gentoo.org/glsa/glsa-200805-20.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html
http://www.openwall.com/lists/oss-security/2008/05/20/1
http://www.openwall.com/lists/oss-security/2008/05/20/2
http://www.openwall.com/lists/oss-security/2008/05/20/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935
http://www.redhat.com/support/errata/RHSA-2008-0489.html
http://www.redhat.com/support/errata/RHSA-2008-0492.html
http://www.securitytracker.com/id?1020057
http://secunia.com/advisories/30287
http://secunia.com/advisories/30302
http://secunia.com/advisories/30317
http://secunia.com/advisories/30324
http://secunia.com/advisories/30330
http://secunia.com/advisories/30331
http://secunia.com/advisories/30338
http://secunia.com/advisories/30355
http://secunia.com/advisories/31939
http://securityreason.com/securityalert/3902
SuSE Security Announcement: SUSE-SA:2008:046 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
http://www.ubuntu.com/usn/usn-613-1
http://www.vupen.com/english/advisories/2008/1582/references
http://www.vupen.com/english/advisories/2008/1583/references
XForce ISS Database: gnutls-gnutlsservernamerecvparams-bo(42532)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42532
Common Vulnerability Exposure (CVE) ID: CVE-2008-1949
CERT/CC vulnerability note: VU#252626
http://www.kb.cert.org/vuls/id/252626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519
http://www.securitytracker.com/id?1020058
XForce ISS Database: gnutls-gnutlsrecvclientkxmessage-bo(42530)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42530
Common Vulnerability Exposure (CVE) ID: CVE-2008-1950
CERT/CC vulnerability note: VU#659209
http://www.kb.cert.org/vuls/id/659209
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393
http://www.securitytracker.com/id?1020059
XForce ISS Database: gnutls-gnutlsciphertext2compressed-bo(42533)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42533

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.60971
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:106 (gnutls)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to gnutls announced via advisory MDVSA-2008:106. Flaws discovered in versions prior to 2.2.4 (stable) and 2.3.10 (development) of GnuTLS allow an attacker to cause denial of service (application crash), and maybe (so far undetermined) execute arbitrary code. The updated packages have been patched to fix these flaws. Note that any applications using this library must be restarted for the update to take effect. Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:106 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1948 BugTraq ID: 29292 http://www.securityfocus.com/bid/29292 Bugtraq: 20080520 Vulnerability Advisory on GnuTLS (Google Search) http://www.securityfocus.com/archive/1/492282/100/0/threaded Bugtraq: 20080522 rPSA-2008-0174-1 gnutls (Google Search) http://www.securityfocus.com/archive/1/492464/100/0/threaded CERT/CC vulnerability note: VU#111034 http://www.kb.cert.org/vuls/id/111034 Debian Security Information: DSA-1581 (Google Search) http://www.debian.org/security/2008/dsa-1581 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html http://security.gentoo.org/glsa/glsa-200805-20.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:106 http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html http://www.openwall.com/lists/oss-security/2008/05/20/1 http://www.openwall.com/lists/oss-security/2008/05/20/2 http://www.openwall.com/lists/oss-security/2008/05/20/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10935 http://www.redhat.com/support/errata/RHSA-2008-0489.html http://www.redhat.com/support/errata/RHSA-2008-0492.html http://www.securitytracker.com/id?1020057 http://secunia.com/advisories/30287 http://secunia.com/advisories/30302 http://secunia.com/advisories/30317 http://secunia.com/advisories/30324 http://secunia.com/advisories/30330 http://secunia.com/advisories/30331 http://secunia.com/advisories/30338 http://secunia.com/advisories/30355 http://secunia.com/advisories/31939 http://securityreason.com/securityalert/3902 SuSE Security Announcement: SUSE-SA:2008:046 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html http://www.ubuntu.com/usn/usn-613-1 http://www.vupen.com/english/advisories/2008/1582/references http://www.vupen.com/english/advisories/2008/1583/references XForce ISS Database: gnutls-gnutlsservernamerecvparams-bo(42532) https://exchange.xforce.ibmcloud.com/vulnerabilities/42532 Common Vulnerability Exposure (CVE) ID: CVE-2008-1949 CERT/CC vulnerability note: VU#252626 http://www.kb.cert.org/vuls/id/252626 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9519 http://www.securitytracker.com/id?1020058 XForce ISS Database: gnutls-gnutlsrecvclientkxmessage-bo(42530) https://exchange.xforce.ibmcloud.com/vulnerabilities/42530 Common Vulnerability Exposure (CVE) ID: CVE-2008-1950 CERT/CC vulnerability note: VU#659209 http://www.kb.cert.org/vuls/id/659209 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11393 http://www.securitytracker.com/id?1020059 XForce ISS Database: gnutls-gnutlsciphertext2compressed-bo(42533) https://exchange.xforce.ibmcloud.com/vulnerabilities/42533
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com