ID de Prueba:	1.3.6.1.4.1.25623.1.0.703437
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 3437-1 (gnutls26 - security update)
Resumen:	Karthikeyan Bhargavan and Gaetan;Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow;the MD5 hash function to be used for signing ServerKeyExchange and Client;Authentication packets during a TLS handshake. A man-in-the-middle attacker;could exploit this flaw to conduct collision attacks to impersonate a TLS;server or an authenticated TLS client.
Descripción:	Summary: Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. Affected Software/OS: gnutls26 on Debian Linux Solution: For the oldstable distribution (wheezy), this problem has been fixed in version 2.12.20-8+deb7u5. We recommend that you upgrade your gnutls26 packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7575 BugTraq ID: 79684 http://www.securityfocus.com/bid/79684 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Debian Security Information: DSA-3436 (Google Search) http://www.debian.org/security/2016/dsa-3436 Debian Security Information: DSA-3437 (Google Search) http://www.debian.org/security/2016/dsa-3437 Debian Security Information: DSA-3457 (Google Search) http://www.debian.org/security/2016/dsa-3457 Debian Security Information: DSA-3458 (Google Search) http://www.debian.org/security/2016/dsa-3458 Debian Security Information: DSA-3465 (Google Search) http://www.debian.org/security/2016/dsa-3465 Debian Security Information: DSA-3491 (Google Search) http://www.debian.org/security/2016/dsa-3491 Debian Security Information: DSA-3688 (Google Search) http://www.debian.org/security/2016/dsa-3688 https://security.gentoo.org/glsa/201701-46 https://security.gentoo.org/glsa/201706-18 https://security.gentoo.org/glsa/201801-15 RedHat Security Advisories: RHSA-2016:0049 http://rhn.redhat.com/errata/RHSA-2016-0049.html RedHat Security Advisories: RHSA-2016:0050 http://rhn.redhat.com/errata/RHSA-2016-0050.html RedHat Security Advisories: RHSA-2016:0053 http://rhn.redhat.com/errata/RHSA-2016-0053.html RedHat Security Advisories: RHSA-2016:0054 http://rhn.redhat.com/errata/RHSA-2016-0054.html RedHat Security Advisories: RHSA-2016:0055 http://rhn.redhat.com/errata/RHSA-2016-0055.html RedHat Security Advisories: RHSA-2016:0056 http://rhn.redhat.com/errata/RHSA-2016-0056.html RedHat Security Advisories: RHSA-2016:1430 https://access.redhat.com/errata/RHSA-2016:1430 http://www.securitytracker.com/id/1034541 http://www.securitytracker.com/id/1036467 SuSE Security Announcement: SUSE-SU-2016:0256 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html SuSE Security Announcement: SUSE-SU-2016:0265 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html SuSE Security Announcement: SUSE-SU-2016:0269 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html SuSE Security Announcement: openSUSE-SU-2015:2405 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html SuSE Security Announcement: openSUSE-SU-2016:0007 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html SuSE Security Announcement: openSUSE-SU-2016:0161 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html SuSE Security Announcement: openSUSE-SU-2016:0162 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html SuSE Security Announcement: openSUSE-SU-2016:0263 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html SuSE Security Announcement: openSUSE-SU-2016:0268 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html SuSE Security Announcement: openSUSE-SU-2016:0270 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html SuSE Security Announcement: openSUSE-SU-2016:0272 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html SuSE Security Announcement: openSUSE-SU-2016:0279 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html SuSE Security Announcement: openSUSE-SU-2016:0307 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html SuSE Security Announcement: openSUSE-SU-2016:0308 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html SuSE Security Announcement: openSUSE-SU-2016:0488 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html SuSE Security Announcement: openSUSE-SU-2016:0605 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html http://www.ubuntu.com/usn/USN-2863-1 http://www.ubuntu.com/usn/USN-2864-1 http://www.ubuntu.com/usn/USN-2865-1 http://www.ubuntu.com/usn/USN-2866-1 http://www.ubuntu.com/usn/USN-2884-1 http://www.ubuntu.com/usn/USN-2904-1
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.