[SA22084] Debian update for gnutls11 / gnutls13

Les derniers commentaires publiés sur SecuObs (1-5):

- ESRT @opexxx @synopsi - Remote stack overflows - ESRT @postmodern_mod3 @tmm1 - memprof now displays stack frames and threads - ESRT @_MDL_ @gollmann - Locking botnet agents to specific victim systems in o - CsFire 0.4.1 autonomously protects against dangerous or malicious cross-domai - Seccubus v1.4.1 - Nessus 4.2 compatibility release Les derniers commentaires publiés sur SecuObs (6-25) Tous les commentaires publiés sur SecuObs avant les 5 derniers

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA22084] Debian update for gnutls11 / gnutls13

Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts.

We will help with relocation and obtaining a work permit.

Currently the following type of positions are available: link://[click] link://[click] link://[click]

TITLE: Debian update for gnutls11 / gnutls13

SECUNIA ADVISORY ID: SA22084

VERIFY ADVISORY: link://[click]

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE: From remote

OPERATING SYSTEM: Debian GNU/Linux 3.1 link://[click] Debian GNU/Linux unstable alias sid link://[click]

DESCRIPTION: Debian has issued updates for gnutls11 and gnutls13. These fix a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

For more information: SA21937 SOLUTION: Apply updated packages.

-- Debian GNU/Linux 3.1 alias sarge -- Source archives: link://[click] Size/MD5 checksum: 820 72116e13ca8af0d4c0420a6a5fba01fb link://[click] Size/MD5 checksum: 346146 46c4495ad9c32f53a362669432b548d0 link://[click] Size/MD5 checksum: 1504638 7b410fa3c563c7988e434a8c8671b3cd Alpha architecture: link://[click] Size/MD5 checksum: 229836 759bb1fb11af8022228651e5ee996c2a link://[click] Size/MD5 checksum: 335034 e25273a2f6a338e0a864759723f7927f link://[click] Size/MD5 checksum: 589736 7318e2d5e9e5c1706e4e3baeadbe5e95 link://[click] Size/MD5 checksum: 512202 25396b24bd00c6c2d0c52f744072b972 AMD64 architecture: link://[click] Size/MD5 checksum: 217586 8c925e3b730e6b72d776e7b132c15a04 link://[click] Size/MD5 checksum: 327012 14301cbecc28ec34e998decbabf3ce58 link://[click] Size/MD5 checksum: 575502 bb6e0f0d2312a49ea9466a0261c667a0 link://[click] Size/MD5 checksum: 392470 01728ddd9d1a2493f95f7b88fd77063d ARM architecture: link://[click] Size/MD5 checksum: 204892 4979873690a1bdd10b87de313f50e823 link://[click] Size/MD5 checksum: 294784 a1f084e60a11242ea2d0d8aa6b9e0a92 link://[click] Size/MD5 checksum: 585114 e7a6b7471fc1696936c7b1a2d842dd0a link://[click] Size/MD5 checksum: 400060 b385b5cbca545e9c3956c0c43d0946e0 HP Precision architecture: link://[click] Size/MD5 checksum: 217594 5597e912c19fb5f3cea5350fc4867948 link://[click] Size/MD5 checksum: 329544 fb715f8fb54a6fb9e430edb1774ada8e link://[click] Size/MD5 checksum: 584956 6c488c7997328cecda7afd7497d85ff5 link://[click] Size/MD5 checksum: 434780 7560c9da720dad66554a0459af06d0f8 Intel IA-32 architecture: link://[click] Size/MD5 checksum: 206826 3a6b6996db3db6bd92947fb552b61599 link://[click] Size/MD5 checksum: 301988 7af47286dd7a1fca42f80b1dfd87bb7d link://[click] Size/MD5 checksum: 558658 c5e07873a863d46892921effa3423038 link://[click] Size/MD5 checksum: 370390 e649a2f476791e825c923003b152484c Intel IA-64 architecture: link://[click] Size/MD5 checksum: 259060 252fafaf93df717cc09bfe1c33b2d382 link://[click] Size/MD5 checksum: 384930 9b16fbd9b504907db1d1c4f08669989e link://[click] Size/MD5 checksum: 585920 64245f68bb5c1c795b4143462bbb25f5 link://[click] Size/MD5 checksum: 521916 d8eb2fec68f52dbd52c351402ab99b6f Motorola 680x0 architecture: link://[click] Size/MD5 checksum: 198834 a12fd077c07b171dc6e99feb78375b08 link://[click] Size/MD5 checksum: 282984 577f5774ba0f2c274b8c62071f7202cf link://[click] Size/MD5 checksum: 561098 a08a318581f5db996d9c382bd495c709 link://[click] Size/MD5 checksum: 341710 4bc318fbbfc2046fe4dd47d12ba88425 Big endian MIPS architecture: link://[click] Size/MD5 checksum: 211728 c3c1695268e1201ac2e9081b94c17366 link://[click] Size/MD5 checksum: 291666 f8fbf909070719d38243643d5dc7bf1d link://[click] Size/MD5 checksum: 595774 f9ee1f7ceb3db2d93f9fcc758ccecab5 link://[click] Size/MD5 checksum: 408540 c1c1dcad15359180555a6256818c0686 Little endian MIPS architecture: link://[click] Size/MD5 checksum: 211476 f28cc4f345ae11897ae12ec1ac324719 link://[click] Size/MD5 checksum: 290328 fd27ef5dd5e20763912f5384b920360d link://[click] Size/MD5 checksum: 591336 9c704e57721d0cf7a12bf844731a9fd7 link://[click] Size/MD5 checksum: 404628 b1201dea3f671b1e651f86e45803d7c7 PowerPC architecture: link://[click] Size/MD5 checksum: 218500 e6b92e1d34fa41b18c9aac4765e52191 link://[click] Size/MD5 checksum: 299502 9377a3aa261f852a8666934bb0825f04 link://[click] Size/MD5 checksum: 1415916 e27b0176c54741aff5b45d0466438ee1 link://[click] Size/MD5 checksum: 388910 1a2997848bc55fc28730370891797297 IBM S/390 architecture: link://[click] Size/MD5 checksum: 215448 9b20f31f10b2b91524453c7a768402a0 link://[click] Size/MD5 checksum: 318674 6ace59100c9131a1cea01c7d635d633a link://[click] Size/MD5 checksum: 632292 60c0acb0ba3046ed4462627ed74db531 link://[click] Size/MD5 checksum: 376622 c11864c64293723e02f07bbeb59c36a7 Sun Sparc architecture: link://[click] Size/MD5 checksum: 204564 a826236438bfe0fbbffe6841fc0380be link://[click] Size/MD5 checksum: 295780 b68bb873076fad0a20082e8f1601a43d link://[click] Size/MD5 checksum: 577540 4bdfb6604d142bf8665846ef235724a0 link://[click] Size/MD5 checksum: 399936 10103cd5f9f40c434b9c6412cad4edb2 -- Debian GNU/Linux unstable alias sid -- Debian GNU/Linux unstable alias sid does no longer contain gnutls11.

The problem has been fixed in version 1.4.4-1 of gnutls13.

ORIGINAL ADVISORY: link://[click] OTHER REFERENCES: SA21937: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA21969] e-Vision CMS SQL Injection and File Upload Vulnerabilities
Suivant par Date: [SA22082] Debian update for kernel-source-2.4.27
Precedent par fil : [SA21969] e-Vision CMS SQL Injection and File Upload Vulnerabilities
Suivant par fil : [SA22082] Debian update for kernel-source-2.4.27
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires publiés sur SecuObs (6-25):

- ESRT @JGamblin @threatpost - Hackers say they will definitely break into an A - ESRT @hdmoore @iagox86 - Weaponizing dnscat - first version of dnscat shellco - iWep PRO 1.1.3 Released - FireCAT v1.6.2 updated with Framework Detector - ESRT @opexxx - FireCAT v1.6.2 updated with BackendInfo - sipwitch 0.7.4 - Oracle XDB FTP service UNLOCK buffer overflow exploit that spawns a reverse s - XSSploit XSS scanner multiplatfom v0.5 available - Network forensics in IRB xtractr Ruby gem - GreenPois0n Possible Jailbreak Software for iPad OS 32 - Blazing fast password recovery with new ATI cards - ESRT @wireheadlance - How to secure a Cisco router - Device Fingerprinting to Fight Real-time Transaction Fraud - Penetrating Intranets through Adobe Flex Applications - Updated the OWASP Fuzzing Code Database - ESRT @jcran - how to convert a NASL check to a NeXpose check - The New Disclosure Debate and the Evil Mr. Moore - Charlie Miller Will Expose 20 Hackable Apple Security Flaws - Digital Forensics Framework v0.5 released - OSSIM v2.2 Multiple Vulnerabilities Les cinq derniers commentaires publiés sur SecuObs Tous les commentaires publiés sur SecuObs avant les 25 derniers

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, exploit, windows, microsoft, réseau, attaque, outil, vulnérabilité, audit, système, virus, internet, données, présentation, metasploit, linux, bluetooth, protocol, vista, scanner, réseaux, shell, engineering, rootkit, paquet, conférence, trames, wishmaster, téléphone, source, sysun, noyau, mobile, https, mémoire, rapport, botnet, téléphones, libre, reverse, navigateur, patch, snort, scapy, intel + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA38969 OSSIM Multiple Vulnerabilities - SA38861 TR-069 Remote Management SQL Injection Vulnerability - SA38955 MaxDB Handshake Packet Buffer Overflow Vulnerability - SA38922 Ubuntu update for linux and linux-source-2.6.15 - SA38967 PhpKobo Real Estate Contact Form LANG_CODE Local File Inclusion + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Claude Mercier/CLSC-CHSLD BVLV/Reg03/SSSS est absent(e). - Re: Full-disclosure Fingerprinting Paper with Laser - Re: Full-disclosure Fingerprinting Paper with Laser - Full-disclosure AboCMS SQL injection (abocms.ru) - Full-disclosure SECURITY DSA-2018-1 New php5 packages fix null pointer dereference + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- Sahana 0.6.2.2 Authentication Bypass - Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability - Secunia Research: Quicksilver Forums Backup Information Disclosure - Secunia Research: Quicksilver Forums mysqldump Password Disclosure - Miranda IM silent TLS failure - Vulnerabilities in VXDate for Joomla + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

vmware, security, virus, biometric, windows, lockpicking, password, botnet, metasploit, tutorial, attack, crypt, linux, network, iphone, server, exploit, wimax, conficker, virtu, virtual, engineering, cisco, reverse, shmoocon, wireshark, ettercap, hacker, firewall, internet, knoppix, rootkit, arduino, wireless, source, conference, backtrack, openbsd, brucon, systm, overflow, openssh, access, buffer, remote + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter