GLSA-200505-04 : GnuTLS: Denial of Service vulnerability

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200505-04
(GnuTLS: Denial of Service vulnerability)

A vulnerability has been discovered in the record packet parsing
in the GnuTLS library. Additionally, a flaw was also found in the RSA
key export functionality.

Impact :

A remote attacker could exploit this vulnerability and cause a
Denial of Service to any application that utilizes the GnuTLS library.

Workaround :

There is no known workaround at this time.

See also :

Solution :

All GnuTLS users should remove the existing installation and
upgrade to the latest version:
# emerge --sync
# emerge --unmerge gnutls
# emerge --ask --oneshot --verbose net-libs/gnutls
Due to small API changes with the previous version, please do
the following to ensure your applications are using the latest GnuTLS
that you just emerged.
# revdep-rebuild --soname-regexp[0-1]
Previously exported RSA keys can be fixed by executing the
following command on the key files:
# certtool -k infile outfile

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Gentoo Local Security Checks

Nessus Plugin ID: 18230 (gentoo_GLSA-200505-04.nasl)

Bugtraq ID:

CVE ID: CVE-2005-1431