Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200602-08 (libtasn1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.56327
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200602-08 (libtasn1)
Summary:	The remote host is missing updates announced in;advisory GLSA 200602-08.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200602-08. Vulnerability Insight: A flaw in the parsing of Distinguished Encoding Rules (DER) has been discovered in libtasn1, potentially resulting in the execution of arbitrary code. Solution: All libtasn1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/libtasn1-0.2.18' All GNU TLS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-libs/gnutls-1.2.10' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0645 1015612 http://securitytracker.com/id?1015612 16568 http://www.securityfocus.com/bid/16568 18794 http://secunia.com/advisories/18794 18815 http://secunia.com/advisories/18815 18830 http://secunia.com/advisories/18830 18832 http://secunia.com/advisories/18832 18898 http://secunia.com/advisories/18898 18918 http://secunia.com/advisories/18918 19080 http://secunia.com/advisories/19080 19092 http://secunia.com/advisories/19092 2006-0008 http://www.trustix.org/errata/2006/0008 20060209 ProtoVer SSL: GnuTLS http://www.securityfocus.com/archive/1/424538/100/0/threaded 23054 http://www.osvdb.org/23054 446 http://securityreason.com/securityalert/446 ADV-2006-0496 http://www.vupen.com/english/advisories/2006/0496 DSA-985 http://www.debian.org/security/2006/dsa-985 DSA-986 http://www.debian.org/security/2006/dsa-986 FEDORA-2006-107 http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00043.html GLSA-200602-08 http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml MDKSA-2006:039 http://www.mandriva.com/security/advisories?name=MDKSA-2006:039 RHSA-2006:0207 http://rhn.redhat.com/errata/RHSA-2006-0207.html USN-251-1 https://usn.ubuntu.com/251-1/ [gnutls-dev] 20060209 GnuTLS 1.2.10 - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html [gnutls-dev] 20060209 GnuTLS 1.3.4 - Experimental - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html [gnutls-dev] 20060209 Libtasn1 0.2.18 - Tiny ASN.1 Library - Security release http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html gnutls-libtasn1-der-dos(24606) https://exchange.xforce.ibmcloud.com/vulnerabilities/24606 http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch http://www.gleg.net/protover_ssl.shtml oval:org.mitre.oval:def:10540 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10540
Copyright	Copyright (C) 2008 E-Soft Inc.