FreeBSD : GnuTLS -- Memory corruption vulnerabilities (0c5369fc-d671-11e6-a9a5-b499baebfeaf)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The GnuTLS project reports :

- It was found using the OSS-FUZZ fuzzer infrastructure that decoding
a specially crafted OpenPGP certificate could lead to heap and stack
overflows. (GNUTLS-SA-2017-2)

- It was found using the OSS-FUZZ fuzzer infrastructure that decoding
a specially crafted X.509 certificate with Proxy Certificate
Information extension present could lead to a double free.
(GNUTLS-SA-2017-1)

See also :

http://www.gnutls.org/news.html#2017-01-09
http://www.gnutls.org/security.html#GNUTLS-SA-2017-2
http://www.gnutls.org/security.html#GNUTLS-SA-2017-1
http://www.nessus.org/u?0e8eb181

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96365 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now