[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2017-0574 -- Oracle gnutls

ID: oval:org.secpod.oval:def:1501809Date: (C)2017-03-31   (M)2024-01-29
Class: PATCHFamily: unix




The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients. * Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash.

Platform:
Oracle Linux 6
Product:
gnutls
Reference:
ELSA-2017-0574
CVE-2017-5337
CVE-2017-5336
CVE-2017-5335
CVE-2016-8610
CVE    4
CVE-2017-5337
CVE-2017-5335
CVE-2017-5336
CVE-2016-8610
...
CPE    11
cpe:/a:gnu:gnutls
cpe:/a:gnu:gnutls:3.3.25
cpe:/a:gnu:gnutls:3.5.7
cpe:/a:gnu:gnutls:3.5.4
...

© SecPod Technologies