Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2017.0304.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2017:0304-1)
Summary:The remote host is missing an update for the 'gnutls' package(s) announced via the SUSE-SU-2017:0304-1 advisory.
Description:Summary:
The remote host is missing an update for the 'gnutls' package(s) announced via the SUSE-SU-2017:0304-1 advisory.

Vulnerability Insight:
This update for gnutls fixes the following issues:
- Malformed asn1 definitions could cause a segmentation fault in the asn1
definition parser (bsc#961491).
- CVE-2016-8610: Remote denial of service in SSL alert handling
(bsc#1005879).
- CVE-2017-5335: Decoding a specially crafted OpenPGP certificate could
have lead to heap and stack overflows (bsc#1018832).
- CVE-2017-5336: Decoding a specially crafted OpenPGP certificate could
have lead to heap and stack overflows (bsc#1018832).
- CVE-2017-5337: Decoding a specially crafted OpenPGP certificate could
have lead to heap and stack overflows (bsc#1018832).

Affected Software/OS:
'gnutls' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise High Availability Extension 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-8610
BugTraq ID: 93841
http://www.securityfocus.com/bid/93841
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
https://security.netapp.com/advisory/ntap-20171130-0001/
https://security.paloaltonetworks.com/CVE-2016-8610
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us
Debian Security Information: DSA-3773 (Google Search)
https://www.debian.org/security/2017/dsa-3773
FreeBSD Security Advisory: FreeBSD-SA-16:35
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc
https://security.360.cn/cve/CVE-2016-8610/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
http://seclists.org/oss-sec/2016/q4/224
RedHat Security Advisories: RHSA-2017:0286
http://rhn.redhat.com/errata/RHSA-2017-0286.html
RedHat Security Advisories: RHSA-2017:0574
http://rhn.redhat.com/errata/RHSA-2017-0574.html
RedHat Security Advisories: RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1413
RedHat Security Advisories: RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1414
RedHat Security Advisories: RHSA-2017:1415
http://rhn.redhat.com/errata/RHSA-2017-1415.html
RedHat Security Advisories: RHSA-2017:1658
https://access.redhat.com/errata/RHSA-2017:1658
RedHat Security Advisories: RHSA-2017:1659
http://rhn.redhat.com/errata/RHSA-2017-1659.html
RedHat Security Advisories: RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1801
RedHat Security Advisories: RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:1802
RedHat Security Advisories: RHSA-2017:2493
https://access.redhat.com/errata/RHSA-2017:2493
RedHat Security Advisories: RHSA-2017:2494
https://access.redhat.com/errata/RHSA-2017:2494
http://www.securitytracker.com/id/1037084
Common Vulnerability Exposure (CVE) ID: CVE-2017-5335
BugTraq ID: 95374
http://www.securityfocus.com/bid/95374
https://security.gentoo.org/glsa/201702-04
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
http://www.openwall.com/lists/oss-security/2017/01/10/7
http://www.openwall.com/lists/oss-security/2017/01/11/4
RedHat Security Advisories: RHSA-2017:2292
https://access.redhat.com/errata/RHSA-2017:2292
http://www.securitytracker.com/id/1037576
SuSE Security Announcement: openSUSE-SU-2017:0386 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-5336
BugTraq ID: 95377
http://www.securityfocus.com/bid/95377
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
Common Vulnerability Exposure (CVE) ID: CVE-2017-5337
BugTraq ID: 95372
http://www.securityfocus.com/bid/95372
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.