Vulnerability CVE-2008-1948 - CERT Civis.Net

Vulnerability Name:

CVE-2008-1948 (CCN-42532)

Assigned:

2008-05-19

Published:

2008-05-19

Updated:

2018-10-11

Summary:

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Tue May 20 2008 - 09:17:09 CDT
Vulnerability Advisory on GnuTLS

Source: MITRE
Type: CNA
CVE-2008-1948

Source: CONFIRM
Type: Exploit
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b

Source: MLIST
Type: UNKNOWN
[gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]

Source: MLIST
Type: Exploit
[gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]

Source: CCN
Type: gnutls-devel Mailing List, Mon, 19 May 2008 22:54:43 +0200
GnuTLS 2.2.5 - Brown paper bag release

Source: MLIST
Type: UNKNOWN
[gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:046

Source: CCN
Type: RHSA-2008-0489
Critical: gnutls security update

Source: CCN
Type: RHSA-2008-0492
Important: gnutls security update

Source: CCN
Type: SA30287
GnuTLS Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30287

Source: SECUNIA
Type: UNKNOWN
30302

Source: SECUNIA
Type: UNKNOWN
30317

Source: SECUNIA
Type: UNKNOWN
30324

Source: CCN
Type: SA30330
FileZilla GnuTLS Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30330

Source: SECUNIA
Type: UNKNOWN
30331

Source: SECUNIA
Type: UNKNOWN
30338

Source: SECUNIA
Type: UNKNOWN
30355

Source: CCN
Type: SA30560
VLC Media Player GnuTLS and Libxml2 Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31939

Source: GENTOO
Type: UNKNOWN
GLSA-200805-20

Source: SREASON
Type: UNKNOWN
3902

Source: CCN
Type: SECTRACK ID: 1020057
GnuTLS Server Name Validation Flaw Lets Remote Users Deny Service

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558

Source: CCN
Type: ASA-2008-261
gnutls security update (RHSA-2008-0492)

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174

Source: CCN
Type: VideoLAN Web site
Changes between 0.8.6g and 0.8.6h

Source: CCN
Type: FICORA #130447
CERT-FI Vulnerability Advisory on GnuTLS

Source: MISC
Type: Exploit
http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html

Source: DEBIAN
Type: UNKNOWN
DSA-1581

Source: DEBIAN
Type: DSA-1581
gnutls13 -- several vulnerabilities

Source: CCN
Type: GLSA-200805-20
GnuTLS: Execution of arbitrary code

Source: CCN
Type: GNU TLS Library Project Web site
The GNU Transport Layer Security Library

Source: CCN
Type: US-CERT VU#111034
GnuTLS Server Name extension Denial of Service

Source: CERT-VN
Type: US Government Resource
VU#111034

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:106

Source: MLIST
Type: UNKNOWN
[oss-security] 20080520 Re: CVE ID request: GNUTLS

Source: MLIST
Type: Patch
[oss-security] 20080520 Re: CVE ID request: GNUTLS

Source: MLIST
Type: UNKNOWN
[oss-security] 20080520 Re: CVE ID request: GNUTLS

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0489

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0492

Source: BUGTRAQ
Type: UNKNOWN
20080520 Vulnerability Advisory on GnuTLS

Source: BUGTRAQ
Type: UNKNOWN
20080522 rPSA-2008-0174-1 gnutls

Source: BID
Type: Patch
29292

Source: CCN
Type: BID-29292
GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1020057

Source: CCN
Type: USN-613-1
GnuTLS vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-613-1

Source: VUPEN
Type: UNKNOWN
ADV-2008-1582

Source: VUPEN
Type: UNKNOWN
ADV-2008-1583

Source: XF
Type: UNKNOWN
gnutls-gnutlsservernamerecvparams-bo(42532)

Source: XF
Type: UNKNOWN
gnutls-gnutlsservernamerecvparams-bo(42532)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-2552

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10935

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-4183

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-4259

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-4274

Source: SUSE
Type: SUSE-SA:2008:046
gnutls security problems

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:es:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42316	P	Security update for p11-kit (Moderate)	2022-07-15
oval:org.opensuse.security:def:20081948	V	CVE-2008-1948	2022-06-30
oval:org.opensuse.security:def:112326	P	gnutls-3.7.2-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:31376	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:31336	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:33063	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:26177	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:32215	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:105847	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:31691	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:32196	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:26138	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:31686	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:31265	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:42118	P	Security update for libesmtp (Important)	2021-09-03
oval:org.opensuse.security:def:26114	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:31244	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:32152	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:26089	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:32130	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:26076	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:36139	P	gnutls-2.4.1-24.39.55.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31633	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:36451	P	libgnutls-devel-2.4.1-24.39.55.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31636	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:42546	P	gnutls-2.4.1-24.39.55.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31191	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:31180	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:32091	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:31617	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:26038	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:26036	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:31606	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:31605	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:32059	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:33102	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:31743	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:31741	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:32271	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:26204	P	Security update for freeradius-server (Low)	2021-03-04
oval:org.opensuse.security:def:26191	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:31692	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:26030	P	Security update for php72 (Moderate)	2021-01-14
oval:org.opensuse.security:def:31179	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:25980	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:32834	P	Security update for curl (Moderate)	2020-12-18
oval:org.opensuse.security:def:25973	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:35909	P	gnutls-2.4.1-24.39.45.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35558	P	gnutls-2.4.1-24.19.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35711	P	gnutls-2.4.1-24.39.33.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41965	P	gnutls-2.4.1-24.19.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25689	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31823	P	Security update for bash (Moderate)	2020-12-01
oval:org.opensuse.security:def:31789	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:26420	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:31026	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25466	P	Security update for libxml2 (Low)	2020-12-01
oval:org.opensuse.security:def:31780	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:26908	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25764	P	Security update for webkitgtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:31972	P	Security update for jakarta-commons-fileupload (Important)	2020-12-01
oval:org.opensuse.security:def:27414	P	gnucash on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31038	P	Security update for kdebase4-workspace (Moderate)	2020-12-01
oval:org.opensuse.security:def:25604	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25788	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:31999	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:31377	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25110	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26265	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:25841	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32676	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25459	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:31462	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:31480	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25185	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31393	P	Security update for pam_pkcs11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26679	P	cron on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26676	P	cifs-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25471	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31845	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:26464	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:26001	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:25394	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31986	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26732	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25663	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25686	P	Security update for wicked (Important)	2020-12-01
oval:org.opensuse.security:def:31933	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:27137	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25885	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:32320	P	Security update for rzsz (Moderate)	2020-12-01
oval:org.opensuse.security:def:32484	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25801	P	Security update for libvdpau (Moderate)	2020-12-01
oval:org.opensuse.security:def:25941	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26285	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:26318	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:32381	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25263	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:31397	P	Security update for perl (Low)	2020-12-01
oval:org.opensuse.security:def:26577	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25994	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32873	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25688	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:26406	P	Security update for mbedtls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26558	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25338	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31546	P	Security update for sane-backends (Moderate)	2020-12-01
oval:org.opensuse.security:def:26873	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25700	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31915	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32042	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26776	P	libzip1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31027	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25547	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:31802	P	Security update for adns (Important)	2020-12-01
oval:org.opensuse.security:def:25892	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:25839	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:27449	P	libgnutls-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25109	P	Security update for audit (Moderate)	2020-12-01
oval:org.opensuse.security:def:31112	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25827	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:32637	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31388	P	Security update for openwsman (Important)	2020-12-01
oval:org.opensuse.security:def:32425	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:25121	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:26630	P	perl-spamassassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25460	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:31594	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26000	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25313	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:31830	P	Security update for bind (Critical)	2020-12-01
oval:org.opensuse.security:def:26718	P	hplip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26711	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25535	P	Security update for audiofile (Low)	2020-12-01
oval:org.opensuse.security:def:31894	P	Security update for fetchmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:27102	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26012	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25451	P	Security update for gdb (Moderate)	2020-12-01
oval:org.opensuse.security:def:31846	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:25744	P	Security update for djvulibre (Low)	2020-12-01
oval:org.opensuse.security:def:25739	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31955	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:32359	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:32523	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25262	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:26426	P	Security update for singularity (Moderate)	2020-12-01
oval:org.opensuse.security:def:26342	P	Security update for openjpeg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26367	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:26523	P	apache2-mod_perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25274	P	Security update for djvulibre (Low)	2020-12-01
oval:org.opensuse.security:def:31489	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:26235	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.mitre.oval:def:17521	P	USN-613-1 -- gnutls12, gnutls13 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:19997	P	DSA-1581-1 gnutls13 - potential code execution	2014-06-23
oval:org.mitre.oval:def:7887	P	DSA-1581 gnutls13 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:22264	P	ELSA-2008:0489: gnutls security update (Critical)	2014-05-26
oval:org.mitre.oval:def:10935	V	The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.	2013-04-29
oval:com.redhat.rhsa:def:20080489	P	RHSA-2008:0489: gnutls security update (Critical)	2008-05-20
oval:com.redhat.rhsa:def:20080492	P	RHSA-2008:0492: gnutls security update (Important)	2008-05-20
oval:org.debian:def:1581	V	several vulnerabilities	2008-05-20