ID CVE-2012-1573
Summary gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
Vulnerable Configurations
  • GNU GnuTLS 2.0.0
    cpe:2.3:a:gnu:gnutls:2.0.0
  • GNU GnuTLS 2.0.1
    cpe:2.3:a:gnu:gnutls:2.0.1
  • GNU GnuTLS 2.0.2
    cpe:2.3:a:gnu:gnutls:2.0.2
  • GNU GnuTLS 2.0.3
    cpe:2.3:a:gnu:gnutls:2.0.3
  • GNU GnuTLS 2.0.4
    cpe:2.3:a:gnu:gnutls:2.0.4
  • GNU GnuTLS 2.1.0
    cpe:2.3:a:gnu:gnutls:2.1.0
  • GNU GnuTLS 2.1.1
    cpe:2.3:a:gnu:gnutls:2.1.1
  • GNU GnuTLS 2.1.2
    cpe:2.3:a:gnu:gnutls:2.1.2
  • GNU GnuTLS 2.1.3
    cpe:2.3:a:gnu:gnutls:2.1.3
  • GNU GnuTLS 2.1.4
    cpe:2.3:a:gnu:gnutls:2.1.4
  • GNU GnuTLS 2.1.5
    cpe:2.3:a:gnu:gnutls:2.1.5
  • GNU GnuTLS 2.1.6
    cpe:2.3:a:gnu:gnutls:2.1.6
  • GNU GnuTLS 2.1.7
    cpe:2.3:a:gnu:gnutls:2.1.7
  • GNU GnuTLS 2.1.8
    cpe:2.3:a:gnu:gnutls:2.1.8
  • GNU GnuTLS 2.2.0
    cpe:2.3:a:gnu:gnutls:2.2.0
  • GNU GnuTLS 2.2.1
    cpe:2.3:a:gnu:gnutls:2.2.1
  • GNU GnuTLS 2.2.2
    cpe:2.3:a:gnu:gnutls:2.2.2
  • GNU GnuTLS 2.2.3
    cpe:2.3:a:gnu:gnutls:2.2.3
  • GNU GnuTLS 2.2.4
    cpe:2.3:a:gnu:gnutls:2.2.4
  • GNU GnuTLS 2.2.5
    cpe:2.3:a:gnu:gnutls:2.2.5
  • GNU GnuTLS 2.3.0
    cpe:2.3:a:gnu:gnutls:2.3.0
  • GNU GnuTLS 2.3.1
    cpe:2.3:a:gnu:gnutls:2.3.1
  • GNU GnuTLS 2.3.2
    cpe:2.3:a:gnu:gnutls:2.3.2
  • GNU GnuTLS 2.3.3
    cpe:2.3:a:gnu:gnutls:2.3.3
  • GNU GnuTLS 2.3.4
    cpe:2.3:a:gnu:gnutls:2.3.4
  • GNU GnuTLS 2.3.5
    cpe:2.3:a:gnu:gnutls:2.3.5
  • GNU GnuTLS 2.3.6
    cpe:2.3:a:gnu:gnutls:2.3.6
  • GNU GnuTLS 2.3.7
    cpe:2.3:a:gnu:gnutls:2.3.7
  • GNU GnuTLS 2.3.8
    cpe:2.3:a:gnu:gnutls:2.3.8
  • GNU GnuTLS 2.3.9
    cpe:2.3:a:gnu:gnutls:2.3.9
  • GNU GnuTLS 2.3.10
    cpe:2.3:a:gnu:gnutls:2.3.10
  • GNU GnuTLS 2.3.11
    cpe:2.3:a:gnu:gnutls:2.3.11
  • GNU GnuTLS 2.4.0
    cpe:2.3:a:gnu:gnutls:2.4.0
  • GNU GnuTLS 2.4.1
    cpe:2.3:a:gnu:gnutls:2.4.1
  • GNU GnuTLS 2.4.2
    cpe:2.3:a:gnu:gnutls:2.4.2
  • GNU GnuTLS 2.4.3
    cpe:2.3:a:gnu:gnutls:2.4.3
  • GNU GnuTLS 2.5.0
    cpe:2.3:a:gnu:gnutls:2.5.0
  • GNU GnuTLS 2.6.0
    cpe:2.3:a:gnu:gnutls:2.6.0
  • GNU GnuTLS 2.6.1
    cpe:2.3:a:gnu:gnutls:2.6.1
  • GNU GnuTLS 2.6.2
    cpe:2.3:a:gnu:gnutls:2.6.2
  • GNU GnuTLS 2.6.3
    cpe:2.3:a:gnu:gnutls:2.6.3
  • GNU GnuTLS 2.6.4
    cpe:2.3:a:gnu:gnutls:2.6.4
  • GNU GnuTLS 2.6.5
    cpe:2.3:a:gnu:gnutls:2.6.5
  • GNU GnuTLS 2.6.6
    cpe:2.3:a:gnu:gnutls:2.6.6
  • GNU GnuTLS 2.7.4
    cpe:2.3:a:gnu:gnutls:2.7.4
  • GNU GnuTLS 2.8.0
    cpe:2.3:a:gnu:gnutls:2.8.0
  • GNU GnuTLS 2.8.1
    cpe:2.3:a:gnu:gnutls:2.8.1
  • GNU GnuTLS 2.8.2
    cpe:2.3:a:gnu:gnutls:2.8.2
  • GNU GnuTLS 2.8.3
    cpe:2.3:a:gnu:gnutls:2.8.3
  • GNU GnuTLS 2.8.4
    cpe:2.3:a:gnu:gnutls:2.8.4
  • GNU GnuTLS 2.8.5
    cpe:2.3:a:gnu:gnutls:2.8.5
  • GNU GnuTLS 2.8.6
    cpe:2.3:a:gnu:gnutls:2.8.6
  • GNU GnuTLS 2.10.0
    cpe:2.3:a:gnu:gnutls:2.10.0
  • GNU GnuTLS 2.10.1
    cpe:2.3:a:gnu:gnutls:2.10.1
  • GNU GnuTLS 2.10.2
    cpe:2.3:a:gnu:gnutls:2.10.2
  • GNU GnuTLS 2.10.3
    cpe:2.3:a:gnu:gnutls:2.10.3
  • GNU GnuTLS 2.10.4
    cpe:2.3:a:gnu:gnutls:2.10.4
  • GNU GnuTLS 2.10.5
    cpe:2.3:a:gnu:gnutls:2.10.5
  • GNU GnuTLS 2.12.0
    cpe:2.3:a:gnu:gnutls:2.12.0
  • GNU GnuTLS 2.12.1
    cpe:2.3:a:gnu:gnutls:2.12.1
  • GNU GnuTLS 2.12.2
    cpe:2.3:a:gnu:gnutls:2.12.2
  • GNU GnuTLS 2.12.3
    cpe:2.3:a:gnu:gnutls:2.12.3
  • GNU GnuTLS 2.12.4
    cpe:2.3:a:gnu:gnutls:2.12.4
  • GNU GnuTLS 2.12.5
    cpe:2.3:a:gnu:gnutls:2.12.5
  • GNU GnuTLS 2.12.6
    cpe:2.3:a:gnu:gnutls:2.12.6
  • GNU GnuTLS 2.12.6.1
    cpe:2.3:a:gnu:gnutls:2.12.6.1
  • GNU GnuTLS 2.12.7
    cpe:2.3:a:gnu:gnutls:2.12.7
  • GNU GnuTLS 2.12.8
    cpe:2.3:a:gnu:gnutls:2.12.8
  • GNU GnuTLS 2.12.9
    cpe:2.3:a:gnu:gnutls:2.12.9
  • GNU GnuTLS 2.12.10
    cpe:2.3:a:gnu:gnutls:2.12.10
  • GNU GnuTLS 2.12.11
    cpe:2.3:a:gnu:gnutls:2.12.11
  • GNU GnuTLS 2.12.12
    cpe:2.3:a:gnu:gnutls:2.12.12
  • GNU GnuTLS 2.12.13
    cpe:2.3:a:gnu:gnutls:2.12.13
  • GNU GnuTLS 2.12.14
    cpe:2.3:a:gnu:gnutls:2.12.14
  • GNU GnuTLS 2.12.15
    cpe:2.3:a:gnu:gnutls:2.12.15
  • GNU GnuTLS 2.12.16
    cpe:2.3:a:gnu:gnutls:2.12.16
  • GNU TLS 3.0
    cpe:2.3:a:gnu:gnutls:3.0
  • GNU GnuTLS 3.0.0
    cpe:2.3:a:gnu:gnutls:3.0.0
  • GNU GnuTLS 3.0.1
    cpe:2.3:a:gnu:gnutls:3.0.1
  • GNU GnuTLS 3.0.2
    cpe:2.3:a:gnu:gnutls:3.0.2
  • GNU GnuTLS 3.0.3
    cpe:2.3:a:gnu:gnutls:3.0.3
  • GNU GnuTLS 3.0.4
    cpe:2.3:a:gnu:gnutls:3.0.4
  • GNU GnuTLS 3.0.5
    cpe:2.3:a:gnu:gnutls:3.0.5
  • GNU GnuTLS 3.0.6
    cpe:2.3:a:gnu:gnutls:3.0.6
  • GNU GnuTLS 3.0.7
    cpe:2.3:a:gnu:gnutls:3.0.7
  • GNU GnuTLS 3.0.8
    cpe:2.3:a:gnu:gnutls:3.0.8
  • GNU GnuTLS 3.0.9
    cpe:2.3:a:gnu:gnutls:3.0.9
  • GNU GnuTLS 3.0.10
    cpe:2.3:a:gnu:gnutls:3.0.10
  • GNU GnuTLS 3.0.11
    cpe:2.3:a:gnu:gnutls:3.0.11
  • GNU GnuTLS 3.0.12
    cpe:2.3:a:gnu:gnutls:3.0.12
  • GNU GnuTLS 3.0.13
    cpe:2.3:a:gnu:gnutls:3.0.13
  • GNU GnuTLS 3.0.14
    cpe:2.3:a:gnu:gnutls:3.0.14
CVSS
Base: 5.0 (as of 27-03-2012 - 13:42)
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
Nessus
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-277.NASL
    description 3 vulnerabilities were discovered for the gnutls packages in openSUSE version 12.1.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74627
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74627
    title openSUSE Security Update : gnutls (openSUSE-SU-2012:0620-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0428.NASL
    description Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58504
    published 2012-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58504
    title CentOS 5 : gnutls (CESA-2012:0428)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GNUTLS-8066.NASL
    description This update of GnuTLS fixes multiple vulnerabilities : - remote attackers could cause a denial of service (heap memory corruption and application crash) via an issue in the asn1_get_length_der() function. (CVE-2012-1569) - crafted GenericBlockCipher structures allow remote attackers to cause a denial of service (heap memory corruption and application crash). (CVE-2012-1573) - A vulnerability in the DTLS implementation which could allow remote attackers to recover partial plaintext via a timing side-channel attack was fixed. (CVE-2012-0390)
    last seen 2019-02-21
    modified 2012-07-03
    plugin id 59829
    published 2012-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59829
    title SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 8066)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4578.NASL
    description Update fixing an important security issue and memory leak. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58469
    published 2012-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58469
    title Fedora 16 : gnutls-2.12.14-2.fc16 (2012-4578)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0488.NASL
    description An updated rhev-hypervisor5 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. 
    These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-1583 (kernel issue) CVE-2011-3045 (libpng issue) CVE-2012-0884 and CVE-2012-1165 (openssl issues) Further information on the changes made to the package is available on the relevant errata : https://rhn.redhat.com/errata/RHBA-2012-0398.html Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 79286
    published 2014-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79286
    title RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-18 (GnuTLS: Multiple vulnerabilities) Multiple vulnerabilities have been found in GnuTLS: An error in libgnutls does not properly sanitize '\0' characters from certificate fields (CVE-2009-2730). An error in the TLS and SSL protocols mistreats renegotiation handshakes (CVE-2009-3555). A boundary error in the 'gnutls_session_get_data()' function in gnutls_session.c could cause a buffer overflow (CVE-2011-4128). An error in the '_gnutls_ciphertext2compressed()' function in gnutls_cipher.c could cause memory corruption (CVE-2012-1573). Impact : A remote attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers or cause a Denial of Service condition in applications linked against GnuTLS. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 59671
    published 2012-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59671
    title GLSA-201206-18 : GnuTLS: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2441.NASL
    description Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58460
    published 2012-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58460
    title Debian DSA-2441-1 : gnutls26 - missing bounds check
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_GNUTLS_20130619.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. (CVE-2012-1573)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80629
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80629
    title Oracle Solaris Third-Party Patch Update : gnutls (cve_2012_1573_denial_of)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-040.NASL
    description A vulnerability has been found and corrected in GnuTLS : gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure (CVE-2012-1573). The updated packages have been patched to correct this issue. The GnuTLS packages for Mandriva Linux 2011 have been upgraded to the 2.12.8 version due to problems with the test suite while building it, additionally a new dependency was added on p11-kit for the PKCS #11 support.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 58505
    published 2012-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58505
    title Mandriva Linux Security Advisory : gnutls (MDVSA-2012:040)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0531.NASL
    description An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569) A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573. This updated package provides updated components that include fixes for various security issues. 
    These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2011-4128 (gnutls issue) CVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues) CVE-2012-0884 and CVE-2012-1165 (openssl issues) CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues) This update also fixes the following bug : * The Hypervisor previously set the lro_disable option for the enic driver. The driver does not support this option, as a result the Hypervisor did not correctly detect and configure the network interfaces of a Cisco M81KR adaptor, when present. The Hypervisor has been updated and no longer sets the invalid option for this driver. (BZ#809463) Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 78922
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78922
    title RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120327_GNUTLS_ON_SL5_X.NASL
    description The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61290
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61290
    title Scientific Linux Security Update : gnutls on SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GNUTLS-120615.NASL
    description This update of GnuTLS fixes multiple vulnerabilities : - remote attackers could cause a denial of service (heap memory corruption and application crash) via an issue in the asn1_get_length_der() function. (CVE-2012-1569) - crafted GenericBlockCipher structures allow remote attackers to cause a denial of service (heap memory corruption and application crash). (CVE-2012-1573) - A vulnerability in the DTLS implementation which could allow remote attackers to recover partial plaintext via a timing side-channel attack was fixed. (CVE-2012-0390) In addition, support for customizing the signing function was added.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64152
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64152
    title SuSE 11.1 Security Update : GnuTLS (SAT Patch Number 6448)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_AECEE357739E11E1A883001CC0A36E12.NASL
    description Mu Dynamics, Inc. reports : The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58423
    published 2012-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58423
    title FreeBSD : gnutls -- possible overflow/Denial of service vulnerabilities (aecee357-739e-11e1-a883-001cc0a36e12)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0428.NASL
    description Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58509
    published 2012-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58509
    title RHEL 5 : gnutls (RHSA-2012:0428)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2013-287-03.NASL
    description New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1, and 13.37 to fix security issues.
    last seen 2019-02-21
    modified 2013-10-16
    plugin id 70439
    published 2013-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70439
    title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 : gnutls (SSA:2013-287-03)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0429.NASL
    description Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58510
    published 2012-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58510
    title RHEL 6 : gnutls (RHSA-2012:0429)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-59.NASL
    description A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69666
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69666
    title Amazon Linux AMI : gnutls (ALAS-2012-59)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0013.NASL
    description a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. 
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libxml2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issues. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication.
    The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 61747
    published 2012-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61747
    title VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4569.NASL
    description Important security update fixing two security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58668
    published 2012-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58668
    title Fedora 15 : gnutls-2.10.5-3.fc15 (2012-4569)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0428.NASL
    description From Red Hat Security Advisory 2012:0428 : Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68503
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68503
    title Oracle Linux 5 : gnutls (ELSA-2012-0428)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0429.NASL
    description Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58519
    published 2012-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58519
    title CentOS 6 : gnutls (CESA-2012:0429)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0429.NASL
    description From Red Hat Security Advisory 2012:0429 : Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573. Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68504
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68504
    title Oracle Linux 6 : gnutls (ELSA-2012-0429)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1418-1.NASL
    description Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption. (CVE-2011-4128) Matthew Hall discovered that the GnuTLS library incorrectly handled TLS records. A remote attacker could crash client and server applications, leading to a denial of service, by sending a crafted TLS record. (CVE-2012-1573). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58618
    published 2012-04-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58618
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : gnutls13, gnutls26 vulnerabilities (USN-1418-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120327_GNUTLS_ON_SL6_X.NASL
    description The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61291
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61291
    title Scientific Linux Security Update : gnutls on SL6.x i386/x86_64
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89038
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89038
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
redhat via4
advisories
  • bugzilla
    id 805432
    title CVE-2012-1573 gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment gnutls is earlier than 0:1.4.1-7.el5_8.2
          oval oval:com.redhat.rhsa:tst:20120428002
        • comment gnutls is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080489003
      • AND
        • comment gnutls-devel is earlier than 0:1.4.1-7.el5_8.2
          oval oval:com.redhat.rhsa:tst:20120428006
        • comment gnutls-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080489005
      • AND
        • comment gnutls-utils is earlier than 0:1.4.1-7.el5_8.2
          oval oval:com.redhat.rhsa:tst:20120428004
        • comment gnutls-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080489007
    rhsa
    id RHSA-2012:0428
    released 2012-03-27
    severity Important
    title RHSA-2012:0428: gnutls security update (Important)
  • bugzilla
    id 805432
    title CVE-2012-1573 gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment gnutls is earlier than 0:2.8.5-4.el6_2.2
          oval oval:com.redhat.rhsa:tst:20120429005
        • comment gnutls is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120429006
      • AND
        • comment gnutls-devel is earlier than 0:2.8.5-4.el6_2.2
          oval oval:com.redhat.rhsa:tst:20120429009
        • comment gnutls-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120429010
      • AND
        • comment gnutls-guile is earlier than 0:2.8.5-4.el6_2.2
          oval oval:com.redhat.rhsa:tst:20120429011
        • comment gnutls-guile is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120429012
      • AND
        • comment gnutls-utils is earlier than 0:2.8.5-4.el6_2.2
          oval oval:com.redhat.rhsa:tst:20120429007
        • comment gnutls-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120429008
    rhsa
    id RHSA-2012:0429
    released 2012-03-27
    severity Important
    title RHSA-2012:0429: gnutls security update (Important)
  • rhsa
    id RHSA-2012:0488
  • rhsa
    id RHSA-2012:0531
rpms
  • gnutls-0:1.4.1-7.el5_8.2
  • gnutls-devel-0:1.4.1-7.el5_8.2
  • gnutls-utils-0:1.4.1-7.el5_8.2
  • gnutls-0:2.8.5-4.el6_2.2
  • gnutls-devel-0:2.8.5-4.el6_2.2
  • gnutls-guile-0:2.8.5-4.el6_2.2
  • gnutls-utils-0:2.8.5-4.el6_2.2
refmap via4
bid 52667
bugtraq 20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1
confirm
debian DSA-2441
fedora
  • FEDORA-2012-4569
  • FEDORA-2012-4578
mandriva MDVSA-2012:040
misc http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
mlist
  • [gnutls-devel] 20120302 gnutls 2.12.16
  • [gnutls-devel] 20120302 gnutls 3.0.15
  • [oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01
  • [oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01
osvdb 80259
sectrack 1026828
secunia
  • 48488
  • 48511
  • 48596
  • 48712
  • 57260
suse SUSE-SU-2014:0320
ubuntu USN-1418-1
vmware via4
description The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.
id VMSA-2012-0013
last_updated 2012-12-20T00:00:00
published 2012-08-30T00:00:00
title Update to ESX service console glibc RPM
Last major update 26-03-2014 - 00:30
Published 26-03-2012 - 15:55
Last modified 17-01-2018 - 21:29