This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated gnutls packages that fix one security issue are now available
for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
The GnuTLS library provides support for cryptographic algorithms and
for protocols such as Transport Layer Security (TLS).
A flaw was found in the way TLS 1.2 could use the MD5 hash function
for signing ServerKeyExchange and Client Authentication packets during
a TLS handshake. A man-in-the-middle attacker able to force a TLS
connection to use the MD5 hash function could use this flaw to conduct
collision attacks to impersonate a TLS server or an authenticated TLS
All gnutls users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. For the update
to take effect, all applications linked to the GnuTLS library must be
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : false