SuSE 11.3 Security Update : gnutls (SAT Patch Number 9320)

medium Nessus Plugin ID 74321

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed.

Further information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3

These security issues have been fixed :

- Possible memory corruption during connect.
(CVE-2014-3466)

- Multiple boundary check issues could allow DoS.
(CVE-2014-3467)

- asn1_get_bit_der() can return negative bit length.
(CVE-2014-3468)

- Possible DoS by NULL pointer dereference (CVE-2014-3469)

Solution

Apply SAT patch number 9320.

Plugin Details

Severity: Medium

ID: 74321

File Name: suse_11_gnutls-140603.nasl

Version: 1.3

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 6/5/2014

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:libgnutls26, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:libgnutls26-32bit, p-cpe:/a:novell:suse_linux:11:gnutls, p-cpe:/a:novell:suse_linux:11:libgnutls-extra26

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 6/3/2014

Reference Information

CVE: CVE-2014-3466, CVE-2014-3467, CVE-2014-3468, CVE-2014-3469

Detections

Analytics