FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
64bf6234-520d-11db-8f1a-000a48049292 | gnutls -- RSA Signature Forgery Vulnerability

Secunia reports:

A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error in the verification of certain signatures. If an RSA key with exponent 3 is used, it may be possible to forge PKCS #1 v1.5 signatures signed with that key.


Discovery 2006-09-08
Entry 2006-10-02
gnutls, gnutls-devel < 1.4.4

BID 20027
CVE-2006-4790
http://secunia.com/advisories/21937
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
856a6f84-8b30-11de-8062-00e0815b8da8 | GnuTLS -- improper SSL certificate verification

GnuTLS reports:

By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a hostname against a certificate.


Discovery 2009-08-11
Entry 2009-08-17
gnutls < 2.8.3
gnutls-devel < 2.9.0

CVE-2009-2730
http://article.gmane.org/gmane.network.gnutls.general/1733
http://secunia.com/advisories/36266
f645aa90-a3e8-11e3-a422-3c970e169bc2 | gnutls -- multiple certificate verification issues

GnuTLS project reports:

A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat.

Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 2.11.5 and later versions. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior).


Discovery 2014-03-03
Entry 2014-03-04
Modified 2014-04-30
gnutls < 2.12.23_4
linux-f10-gnutls < 2.12.23_4
gnutls-devel < 3.1.22; > 3.2.0, < 3.2.12
gnutls3 < 3.1.22; > 3.2.0, < 3.2.12

CVE-2014-0092
CVE-2014-1959
http://www.gnutls.org/security.html#GNUTLS-SA-2014-1
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
b31a1088-460f-11de-a11a-0022156e8794 | GnuTLS -- multiple vulnerabilities

SecurityFocus reports:

GnuTLS is prone to multiple remote vulnerabilities:

  • A remote code-execution vulnerability.
  • A denial-of-service vulnerability.
  • A signature-generation vulnerability.
  • A signature-verification vulnerability.

An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.


Discovery 2009-05-21
Entry 2009-08-17
gnutls < 2.6.6
gnutls-devel < 2.7.8

CVE-2009-1415
CVE-2009-1416
CVE-2009-1417
BID 34783
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
84ab58cf-e4ac-11d8-9b0a-000347a4fa7d | gnutls -- certificate chain verification DoS

Patric Hornik reports on a problem in the certificate chain verification procedures of GnuTLS that may result in a denial-of-service vulnerability:

The certificate chain should be verified from last root certificate to the first certificate. Otherwise a lot of unauthorized CPU processing can be forced to check certificate signatures signed with arbitrary RSA/DSA keys chosen by attacker.

In GnuTLS the signatures are checked from first to last certificate, there is no limit on size of keys and no limit on length of certificate chain.


Discovery 2004-08-02
Entry 2004-10-05
gnutls < 1.0.17
gnutls-devel >= 1.1.*, < 1.1.12

http://www.hornik.sk/SA/SA-20040802.txt
http://secunia.com/advisories/12156