Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2016-0012

Опубликовано: 07 янв. 2016
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2016-0012: gnutls security update (MODERATE)

[3.3.8-14]

  • Prevent downgrade attack to RSA-MD5 in server key exchange.

[3.3.8-13]

  • Corrected reseed and respect of max_number_of_bits_per_request in FIPS140-2 mode. Also enhanced the initial tests. (#1228199)

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

gnutls

2.8.5-19.el6_7

gnutls-devel

2.8.5-19.el6_7

gnutls-guile

2.8.5-19.el6_7

gnutls-utils

2.8.5-19.el6_7

Oracle Linux i686

gnutls

2.8.5-19.el6_7

gnutls-devel

2.8.5-19.el6_7

gnutls-guile

2.8.5-19.el6_7

gnutls-utils

2.8.5-19.el6_7

Oracle Linux sparc64

gnutls

2.8.5-19.el6_7

gnutls-devel

2.8.5-19.el6_7

gnutls-guile

2.8.5-19.el6_7

gnutls-utils

2.8.5-19.el6_7

Oracle Linux 7

Oracle Linux x86_64

gnutls

3.3.8-14.el7_2

gnutls-c++

3.3.8-14.el7_2

gnutls-dane

3.3.8-14.el7_2

gnutls-devel

3.3.8-14.el7_2

gnutls-utils

3.3.8-14.el7_2

Связанные CVE

CVE-2015-7575

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2015-7575

CVSS3: 5.9
ubuntu
больше 9 лет назад

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

redhat логотип

CVE-2015-7575

redhat
больше 9 лет назад

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

nvd логотип

CVE-2015-7575

CVSS3: 5.9
nvd
больше 9 лет назад

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

debian логотип

CVE-2015-7575

CVSS3: 5.9
debian
больше 9 лет назад

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozi ...

suse-cvrf логотип

openSUSE-SU-2016:0605-1

suse-cvrf
больше 9 лет назад

Security update for bouncycastle