Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 576
Alerts This Week
Warning Icon 1 576

Gentoo: 200805-20 High: GnuTLS Code Execution Risk and DoS Threat

gentoo
Calendar Grey May 21, 2008
Dist Gentoo Esm H88
Several GnuTLS security flaws have been identified that may facilitate code execution; it is advisable for Gentoo users to upgrade due to the elevated severity of these vulnerabilities.
Multiple vulnerabilities might allow for the execution of arbitrary code in daemons using GnuTLS.

Summary

Gentoo Linux Security Advisory GLSA 200805-20 https://security.gentoo.org/ Severity: High Title: GnuTLS: Execution of arbitrary code Date: May 21, 2008 Bugs: #222823 ID: 200805-20

Synopsis ======= Multiple vulnerabilities might allow for the execution of arbitrary code in daemons using GnuTLS.
Background ========= GnuTLS is an implementation of Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0, 1.1 and 1.2.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/gnutls < 2.2.5 >= 2.2.5
========== Ossi Herrala and Jukka Taimisto of Codenomicon reported three vulnerabilities in libgnutls of GnuTLS:
* "Client Hello" messages containin...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround