Download
| Alert*
|
oval:org.secpod.oval:def:1501946
The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2101251 The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnut ... oval:org.secpod.oval:def:39002 gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS. oval:org.secpod.oval:def:502079 The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * A double-free flaw was found in the way GnuTLS p ... oval:org.secpod.oval:def:89044844 This update for gnutls fixes the following security issues: - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates - GnuTLS could have falsely accepted certificates when using OCSP - GnuTLS could have suffered from 100% CPU load DoS attacks by using SSL alert packets ... oval:org.secpod.oval:def:204617 The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * A double-free flaw was found in the way GnuTLS p ... oval:org.secpod.oval:def:1800445 It was found an issue in certificate validation using OCSP responses caused by not verifying the serial length, which can falsely report a certificate as valid.. oval:org.secpod.oval:def:51519 gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS. |
