User: Password:
|
|
Subscribe / Log in / New account

SUSE alert SUSE-SU-2014:0788-2 (GnuTLS)

From:  opensuse-security@opensuse.org
To:  opensuse-security-announce@opensuse.org
Subject:  [security-announce] SUSE-SU-2014:0788-2: important: Security update for GnuTLS
Date:  Fri, 13 Jun 2014 20:04:13 +0200 (CEST)
Message-ID:  <20140613180413.DE7C13213E@maintenance.suse.de>

SUSE Security Update: Security update for GnuTLS ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0788-2 Rating: important References: #880730 #880910 Cross-References: CVE-2014-3466 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally three issues inherited from libtasn1 have been fixed. Further information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3 <http://www.gnutls.org/security.html#GNUTLS-SA-2014-3> These security issues have been fixed: * Possible memory corruption during connect (CVE-2014-3466) * Multiple boundary check issues could allow DoS (CVE-2014-3467) * asn1_get_bit_der() can return negative bit length (CVE-2014-3468) * Possible DoS by NULL pointer dereference (CVE-2014-3469) Security Issue references: * CVE-2014-3466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466> Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): gnutls-1.2.10-13.40.1 gnutls-devel-1.2.10-13.40.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): gnutls-32bit-1.2.10-13.40.1 gnutls-devel-32bit-1.2.10-13.40.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): gnutls-1.2.10-13.40.1 gnutls-devel-1.2.10-13.40.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): gnutls-32bit-1.2.10-13.40.1 gnutls-devel-32bit-1.2.10-13.40.1 References: http://support.novell.com/security/cve/CVE-2014-3466.html http://support.novell.com/security/cve/CVE-2014-3467.html http://support.novell.com/security/cve/CVE-2014-3468.html http://support.novell.com/security/cve/CVE-2014-3469.html https://bugzilla.novell.com/880730 https://bugzilla.novell.com/880910 http://download.suse.com/patch/finder/?keywords=3a6641389... http://download.suse.com/patch/finder/?keywords=ce2995d7d... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds