rpm package
suse/gnutls&distro=SUSE Linux Enterprise Server 11 SP3
pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8313 | — | < 2.4.1-24.39.60.1 | 2.4.1-24.39.60.1 | Dec 20, 2019 | GnuTLS incorrectly validates the first byte of padding in CBC modes | ||
| CVE-2015-4000 | Low | 3.7 | < 2.4.1-24.39.57.1 | 2.4.1-24.39.57.1 | May 21, 2015 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D | |
| CVE-2015-2806 | — | < 2.4.1-24.39.60.1 | 2.4.1-24.39.60.1 | Apr 10, 2015 | Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. |
- CVE-2015-8313Dec 20, 2019affected < 2.4.1-24.39.60.1fixed 2.4.1-24.39.60.1
GnuTLS incorrectly validates the first byte of padding in CBC modes
- affected < 2.4.1-24.39.57.1fixed 2.4.1-24.39.57.1
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D
- CVE-2015-2806Apr 10, 2015affected < 2.4.1-24.39.60.1fixed 2.4.1-24.39.60.1
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.