{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"FileZilla 3.x.","product":{"name":"N/A","vendor":{"name":"GnuTLS","scada":false}}},{"description":"GnuTLS 2.x ;","product":{"name":"N/A","vendor":{"name":"GnuTLS","scada":false}}},{"description":"FileZilla 2.x ;","product":{"name":"N/A","vendor":{"name":"GnuTLS","scada":false}}},{"description":"GnuTLS 1.x ;","product":{"name":"N/A","vendor":{"name":"GnuTLS","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de GnuTLS permettent \u00e0 une personne\nmalveillante d'effectuer un d\u00e9ni de service ou une ex\u00e9cution de code \u00e0\ndistance. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es via :\n\n-   des messages Client Hello dans des packets TLS sp\u00e9cialement con\u00e7us ;\n-   des donn\u00e9es TLS chiffr\u00e9es sp\u00e9cialement con\u00e7ues exploitant une erreur\n    dans la fonction \\_gnutls_ciphertext2compressed().\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2008-1948","url":"https://www.cve.org/CVERecord?id=CVE-2008-1948"},{"name":"CVE-2008-1949","url":"https://www.cve.org/CVERecord?id=CVE-2008-1949"},{"name":"CVE-2008-1950","url":"https://www.cve.org/CVERecord?id=CVE-2008-1950"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0489 du 20 mai 2008 :","url":"http://rhn.redhat.com/errata/RHSA-2008-0489.html"},{"title":"Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0492 du 20 mai 2008 :","url":"http://rhn.redhat.com/errata/RHSA-2008-0492.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200805-20 du 21 mai 2008 :","url":"http://www.gentoo.org/security/en/glsa/glsa-200805-20.xml"},{"title":"Note de version GnuTLS 2.2.5 du 19 mai 2008 :","url":"http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-613-1 du 21 mai 2008 :","url":"http://www.ubuntu.com/usn/usn-613-1"},{"title":"Note de version FileZilla 3.010 du 20 mai 2008 :","url":"http://sourceforge.net/project/shownotes.php?release_id=600646"},{"title":"Bulletin de s\u00e9curit\u00e9 Debian DSA-1581 du 20 mai 2008 :","url":"http://www.debian.org/security/2008/dsa-1581"},{"title":"Site de t\u00e9l\u00e9chargement du projet FileZilla :","url":"http://sourceforge.net/project/showfiles.php.group_id=21558"}],"reference":"CERTA-2008-AVI-262","revisions":[{"description":"version initiale.","revision_date":"2008-05-22T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo, RedHat, Debian et Ubuntu.","revision_date":"2008-09-18T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">GnuTLS</span> et permettent \u00e0 une personne malveillante\nd'effectuer un d\u00e9ni de service ou une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans GnuTLS","vendor_advisories":[{"published_at":null,"title":"Note de version GnuTLS du 19 mai 2008","url":null}]}