Mageia alert MGASA-2015-0322 (gnutls)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> |
| To: | updates-announce@ml.mageia.org |
| Subject: | [updates-announce] MGASA-2015-0322: Updated gnutls packages fix security vulnerabilities |
| Date: | Tue, 25 Aug 2015 20:18:16 +0200 |
| Message-ID: | <20150825181817.06FFC40F9F@valstar.mageia.org> |
MGASA-2015-0322 - Updated gnutls packages fix security vulnerabilities

Publication date: 25 Aug 2015
URL: http://advisories.mageia.org/MGASA-2015-0322.html
Type: security
Affected Mageia releases: 4, 5
CVE: CVE-2015-0294, CVE-2015-6251

Description:
It was reported that GnuTLS does not check whether the two signature algorithms match on certificate import (CVE-2015-0294).

Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to a double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause the application to crash, resulting in a denial of service (CVE-2015-6251).

References:
- https://bugs.mageia.org/show_bug.cgi?id=15504
- https://www.debian.org/security/2015/dsa-3191
- https://www.debian.org/security/2015/dsa-3334
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0294
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6251

SRPMS:
- 4/core/gnutls-3.2.7-1.7.mga4
- 5/core/gnutls-3.2.21-1.1.mga5
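
The check whose absence CVE-2015-0294 describes, as an added example (not GnuTLS or Mageia code): RFC 5280 requires a certificate's outer signatureAlgorithm to be identical to the signature field inside tbsCertificate, and this Python compares the two on DER input. All function names are hypothetical, and the sample input is a constructed certificate-shaped DER skeleton, not a real certificate.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def expect(tag, want, what):
    if tag != want:
        raise ValueError(f"expected {what}, got tag 0x{tag:02x}")

def signature_algorithms(cert_der):
    """Return (inner, outer) AlgorithmIdentifier contents of a DER certificate."""
    tag, cert, _ = read_tlv(cert_der, 0)
    expect(tag, 0x30, "Certificate SEQUENCE")
    tag, tbs, pos = read_tlv(cert, 0)
    expect(tag, 0x30, "tbsCertificate SEQUENCE")
    tag, outer, _ = read_tlv(cert, pos)
    expect(tag, 0x30, "signatureAlgorithm SEQUENCE")
    tag, _, pos = read_tlv(tbs, 0)
    if tag == 0xA0:  # optional [0] EXPLICIT version precedes serialNumber
        tag, _, pos = read_tlv(tbs, pos)
    expect(tag, 0x02, "serialNumber INTEGER")
    tag, inner, _ = read_tlv(tbs, pos)
    expect(tag, 0x30, "tbsCertificate.signature SEQUENCE")
    return inner, outer

def algorithms_match(cert_der):
    """True only if both signature AlgorithmIdentifiers are byte-identical."""
    inner, outer = signature_algorithms(cert_der)
    return inner == outer

# Constructed sample data: a certificate-shaped DER skeleton, not a valid cert.
SHA256_RSA = bytes.fromhex("06092a864886f70d01010b0500")  # sha256WithRSAEncryption
SHA1_RSA = bytes.fromhex("06092a864886f70d0101050500")    # sha1WithRSAEncryption

def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths only (< 128)

def skeleton(inner, outer):
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, inner))
    return tlv(0x30, tbs + tlv(0x30, outer) + tlv(0x03, b"\x00"))
```

`algorithms_match(skeleton(SHA256_RSA, SHA1_RSA))` returns `False`, which is the condition an importer should reject; malformed or truncated input raises `ValueError` instead of being silently accepted.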
