ID CVE-2014-8564
Summary The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
References
Vulnerable Configurations
  • GNU TLS 3.0
    cpe:2.3:a:gnu:gnutls:3.0
  • GNU GnuTLS 3.0.0
    cpe:2.3:a:gnu:gnutls:3.0.0
  • GNU GnuTLS 3.0.1
    cpe:2.3:a:gnu:gnutls:3.0.1
  • GNU GnuTLS 3.0.2
    cpe:2.3:a:gnu:gnutls:3.0.2
  • GNU GnuTLS 3.0.3
    cpe:2.3:a:gnu:gnutls:3.0.3
  • GNU GnuTLS 3.0.4
    cpe:2.3:a:gnu:gnutls:3.0.4
  • GNU GnuTLS 3.0.5
    cpe:2.3:a:gnu:gnutls:3.0.5
  • GNU GnuTLS 3.0.6
    cpe:2.3:a:gnu:gnutls:3.0.6
  • GNU GnuTLS 3.0.7
    cpe:2.3:a:gnu:gnutls:3.0.7
  • GNU GnuTLS 3.0.8
    cpe:2.3:a:gnu:gnutls:3.0.8
  • GNU GnuTLS 3.0.9
    cpe:2.3:a:gnu:gnutls:3.0.9
  • GNU GnuTLS 3.0.10
    cpe:2.3:a:gnu:gnutls:3.0.10
  • GNU GnuTLS 3.0.11
    cpe:2.3:a:gnu:gnutls:3.0.11
  • GNU GnuTLS 3.0.12
    cpe:2.3:a:gnu:gnutls:3.0.12
  • GNU GnuTLS 3.0.13
    cpe:2.3:a:gnu:gnutls:3.0.13
  • GNU GnuTLS 3.0.14
    cpe:2.3:a:gnu:gnutls:3.0.14
  • GNU GnuTLS 3.0.15
    cpe:2.3:a:gnu:gnutls:3.0.15
  • GNU GnuTLS 3.0.16
    cpe:2.3:a:gnu:gnutls:3.0.16
  • GNU GnuTLS 3.0.17
    cpe:2.3:a:gnu:gnutls:3.0.17
  • GNU GnuTLS 3.0.18
    cpe:2.3:a:gnu:gnutls:3.0.18
  • GNU GnuTLS 3.0.19
    cpe:2.3:a:gnu:gnutls:3.0.19
  • GNU GnuTLS 3.0.20
    cpe:2.3:a:gnu:gnutls:3.0.20
  • GNU GnuTLS 3.0.21
    cpe:2.3:a:gnu:gnutls:3.0.21
  • GNU GnuTLS 3.0.22
    cpe:2.3:a:gnu:gnutls:3.0.22
  • GNU GnuTLS 3.0.23
    cpe:2.3:a:gnu:gnutls:3.0.23
  • GNU GnuTLS 3.0.24
    cpe:2.3:a:gnu:gnutls:3.0.24
  • GNU GnuTLS 3.0.25
    cpe:2.3:a:gnu:gnutls:3.0.25
  • GNU GnuTLS 3.0.26
    cpe:2.3:a:gnu:gnutls:3.0.26
  • GNU GnuTLS 3.0.27
    cpe:2.3:a:gnu:gnutls:3.0.27
  • GNU GnuTLS 3.0.28
    cpe:2.3:a:gnu:gnutls:3.0.28
  • GNU GnuTLS 3.1.0
    cpe:2.3:a:gnu:gnutls:3.1.0
  • GNU GnuTLS 3.1.1
    cpe:2.3:a:gnu:gnutls:3.1.1
  • GNU GnuTLS 3.1.2
    cpe:2.3:a:gnu:gnutls:3.1.2
  • GNU GnuTLS 3.1.3
    cpe:2.3:a:gnu:gnutls:3.1.3
  • GNU GnuTLS 3.1.4
    cpe:2.3:a:gnu:gnutls:3.1.4
  • GNU GnuTLS 3.1.5
    cpe:2.3:a:gnu:gnutls:3.1.5
  • GNU GnuTLS 3.1.6
    cpe:2.3:a:gnu:gnutls:3.1.6
  • GNU GnuTLS 3.1.7
    cpe:2.3:a:gnu:gnutls:3.1.7
  • GNU GnuTLS 3.1.8
    cpe:2.3:a:gnu:gnutls:3.1.8
  • GNU GnuTLS 3.1.9
    cpe:2.3:a:gnu:gnutls:3.1.9
  • GNU GnuTLS 3.1.10
    cpe:2.3:a:gnu:gnutls:3.1.10
  • GNU GnuTLS 3.1.11
    cpe:2.3:a:gnu:gnutls:3.1.11
  • GNU GnuTLS 3.1.12
    cpe:2.3:a:gnu:gnutls:3.1.12
  • GNU GnuTLS 3.1.13
    cpe:2.3:a:gnu:gnutls:3.1.13
  • GNU GnuTLS 3.1.14
    cpe:2.3:a:gnu:gnutls:3.1.14
  • GNU GnuTLS 3.1.15
    cpe:2.3:a:gnu:gnutls:3.1.15
  • GNU GnuTLS 3.1.16
    cpe:2.3:a:gnu:gnutls:3.1.16
  • GNU GnuTLS 3.1.17
    cpe:2.3:a:gnu:gnutls:3.1.17
  • GNU GnuTLS 3.1.18
    cpe:2.3:a:gnu:gnutls:3.1.18
  • GNU GnuTLS 3.1.19
    cpe:2.3:a:gnu:gnutls:3.1.19
  • GNU GnuTLS 3.1.20
    cpe:2.3:a:gnu:gnutls:3.1.20
  • GNU GnuTLS 3.1.21
    cpe:2.3:a:gnu:gnutls:3.1.21
  • GNU GnuTLS 3.1.22
    cpe:2.3:a:gnu:gnutls:3.1.22
  • GNU GnuTLS 3.1.23
    cpe:2.3:a:gnu:gnutls:3.1.23
  • GNU GnuTLS 3.1.24
    cpe:2.3:a:gnu:gnutls:3.1.24
  • GNU GnuTLS 3.1.25
    cpe:2.3:a:gnu:gnutls:3.1.25
  • GNU GnuTLS 3.1.26
    cpe:2.3:a:gnu:gnutls:3.1.26
  • GNU GnuTLS 3.1.27
    cpe:2.3:a:gnu:gnutls:3.1.27
  • GNU GnuTLS 3.2.0
    cpe:2.3:a:gnu:gnutls:3.2.0
  • GNU GnuTLS 3.2.1
    cpe:2.3:a:gnu:gnutls:3.2.1
  • GNU GnuTLS 3.2.2
    cpe:2.3:a:gnu:gnutls:3.2.2
  • GNU GnuTLS 3.2.3
    cpe:2.3:a:gnu:gnutls:3.2.3
  • GNU GnuTLS 3.2.4
    cpe:2.3:a:gnu:gnutls:3.2.4
  • GNU GnuTLS 3.2.5
    cpe:2.3:a:gnu:gnutls:3.2.5
  • GNU GnuTLS 3.2.6
    cpe:2.3:a:gnu:gnutls:3.2.6
  • GNU GnuTLS 3.2.7
    cpe:2.3:a:gnu:gnutls:3.2.7
  • GNU GnuTLS 3.2.8
    cpe:2.3:a:gnu:gnutls:3.2.8
  • GNU GnuTLS 3.2.8.1
    cpe:2.3:a:gnu:gnutls:3.2.8.1
  • GNU GnuTLS 3.2.9
    cpe:2.3:a:gnu:gnutls:3.2.9
  • GNU GnuTLS 3.2.10
    cpe:2.3:a:gnu:gnutls:3.2.10
  • GNU GnuTLS 3.2.11
    cpe:2.3:a:gnu:gnutls:3.2.11
  • GNU GnuTLS 3.2.12
    cpe:2.3:a:gnu:gnutls:3.2.12
  • GNU GnuTLS 3.2.12.1
    cpe:2.3:a:gnu:gnutls:3.2.12.1
  • GNU GnuTLS 3.2.13
    cpe:2.3:a:gnu:gnutls:3.2.13
  • GNU GnuTLS 3.2.14
    cpe:2.3:a:gnu:gnutls:3.2.14
  • GNU GnuTLS 3.2.15
    cpe:2.3:a:gnu:gnutls:3.2.15
  • GNU GnuTLS 3.2.16
    cpe:2.3:a:gnu:gnutls:3.2.16
  • GNU GnuTLS 3.2.17
    cpe:2.3:a:gnu:gnutls:3.2.17
  • GNU GnuTLS 3.2.18
    cpe:2.3:a:gnu:gnutls:3.2.18
  • GNU GnuTLS 3.2.19
    cpe:2.3:a:gnu:gnutls:3.2.19
  • GNU GnuTLS 3.3.0
    cpe:2.3:a:gnu:gnutls:3.3.0
  • GNU GnuTLS 3.3.0 pre0
    cpe:2.3:a:gnu:gnutls:3.3.0:pre0
  • GNU GnuTLS 3.3.1
    cpe:2.3:a:gnu:gnutls:3.3.1
  • GNU GnuTLS 3.3.2
    cpe:2.3:a:gnu:gnutls:3.3.2
  • GNU GnuTLS 3.3.3
    cpe:2.3:a:gnu:gnutls:3.3.3
  • GNU GnuTLS 3.3.4
    cpe:2.3:a:gnu:gnutls:3.3.4
  • GNU GnuTLS 3.3.5
    cpe:2.3:a:gnu:gnutls:3.3.5
  • GNU GnuTLS 3.3.6
    cpe:2.3:a:gnu:gnutls:3.3.6
  • GNU GnuTLS 3.3.7
    cpe:2.3:a:gnu:gnutls:3.3.7
  • GNU GnuTLS 3.3.8
    cpe:2.3:a:gnu:gnutls:3.3.8
  • GNU GnuTLS 3.3.9
    cpe:2.3:a:gnu:gnutls:3.3.9
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • OpenSUSE 12.3
    cpe:2.3:o:opensuse:opensuse:12.3
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • Canonical Ubuntu Linux 14.10
    cpe:2.3:o:canonical:ubuntu_linux:14.10
CVSS
Base: 5.0 (as of 07-09-2016 - 11:00)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-696.NASL
    description gnutls was updated to fix one security issue. This security issue was fixed : - Parsing problem in elliptic curve blobs over TLS that could lead to remote crashes (CVE-2014-8564).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79413
    published 2014-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79413
    title openSUSE Security Update : gnutls (openSUSE-SU-2014:1472-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-215.NASL
    description Updated gnutls package fix security vulnerability : An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application (CVE-2014-8564).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 79347
    published 2014-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79347
    title Mandriva Linux Security Advisory : gnutls (MDVSA-2014:215)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2403-1.NASL
    description Sean Burford discovered that GnuTLS incorrectly handled printing certain elliptic curve parameters. A malicious remote server or client could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 79209
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79209
    title Ubuntu 14.10 : gnutls28 vulnerability (USN-2403-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-14734.NASL
    description new upstream release, Security fix for CVE-2014-8564 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79262
    published 2014-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79262
    title Fedora 21 : gnutls-3.3.10-1.fc21 (2014-14734)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1846.NASL
    description Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2014-8564) Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Sean Burford as the original reporter. All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79220
    published 2014-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79220
    title CentOS 7 : gnutls (CESA-2014:1846)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1846.NASL
    description From Red Hat Security Advisory 2014:1846 : Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2014-8564) Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Sean Burford as the original reporter. All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 79227
    published 2014-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79227
    title Oracle Linux 7 : gnutls (ELSA-2014-1846)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141112_GNUTLS_ON_SL7_X.NASL
    description An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2014-8564) For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 79231
    published 2014-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79231
    title Scientific Linux Security Update : gnutls on SL7.x x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1846.NASL
    description Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2014-8564) Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Sean Burford as the original reporter. All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 79207
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79207
    title RHEL 7 : gnutls (RHSA-2014:1846)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1628-1.NASL
    description gnutls was updated to fix one security issue. - Fixed parsing problem in elliptic curve blobs over TLS that could lead to remote crashes (CVE-2014-8564). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 83650
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83650
    title SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2014:1628-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-072.NASL
    description Updated gnutls packages fix security vulnerabilities : Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior) (CVE-2014-1959). It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker (CVE-2014-0092). A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs (CVE-2014-3465). A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code (CVE-2014-3466). An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application (CVE-2014-8564).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82325
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82325
    title Mandriva Linux Security Advisory : gnutls (MDVSA-2015:072)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-14760.NASL
    description Security fix for CVE-2014-8564 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79240
    published 2014-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79240
    title Fedora 20 : gnutls-3.1.28-1.fc20 (2014-14760)
redhat via4
advisories
bugzilla
id 1161443
title CVE-2014-8564 gnutls: Heap corruption when generating key ID for ECC (GNUTLS-SA-2014-5)
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment gnutls is earlier than 0:3.1.18-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141846005
      • comment gnutls is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120429006
    • AND
      • comment gnutls-c++ is earlier than 0:3.1.18-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141846011
      • comment gnutls-c++ is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140684010
    • AND
      • comment gnutls-dane is earlier than 0:3.1.18-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141846013
      • comment gnutls-dane is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20140684008
    • AND
      • comment gnutls-devel is earlier than 0:3.1.18-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141846009
      • comment gnutls-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120429010
    • AND
      • comment gnutls-utils is earlier than 0:3.1.18-10.el7_0
        oval oval:com.redhat.rhsa:tst:20141846007
      • comment gnutls-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20120429008
rhsa
id RHSA-2014:1846
released 2014-11-12
severity Moderate
title RHSA-2014:1846: gnutls security update (Moderate)
rpms
  • gnutls-0:3.1.18-10.el7_0
  • gnutls-c++-0:3.1.18-10.el7_0
  • gnutls-dane-0:3.1.18-10.el7_0
  • gnutls-devel-0:3.1.18-10.el7_0
  • gnutls-utils-0:3.1.18-10.el7_0
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1161443
secunia
  • 59991
  • 62284
  • 62294
suse openSUSE-SU-2014:1472
ubuntu USN-2403-1
Last major update 08-09-2016 - 09:08
Published 13-11-2014 - 16:32
Last modified 30-10-2018 - 12:27
Back to Top