Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.871291 |
Kategorie: | Red Hat Local Security Checks |
Titel: | RedHat Update for gnutls RHSA-2014:1846-01 |
Zusammenfassung: | The remote host is missing an update for the 'gnutls'; package(s) announced via the referenced advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the referenced advisory. Vulnerability Insight: The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One (ASN.1) parsing and structures management, and Distinguished Encoding Rules (DER) encoding and decoding functions. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2014-8564) Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Sean Burford as the original reporter. All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted. Affected Software/OS: gnutls on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-8564 RedHat Security Advisories: RHSA-2014:1846 http://rhn.redhat.com/errata/RHSA-2014-1846.html http://secunia.com/advisories/59991 http://secunia.com/advisories/62284 http://secunia.com/advisories/62294 SuSE Security Announcement: openSUSE-SU-2014:1472 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00084.html http://www.ubuntu.com/usn/USN-2403-1 |
Copyright | Copyright (C) 2014 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |