Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 20 May 2008 15:40:03 -0500 Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA for gnutls on SL4.x i386/x86_64 Comments: To: " This email address is being protected from spambots. You need JavaScript enabled to view it. "Synopsis: Important: gnutls security update Issue date: 2008-05-20 CVE Names: CVE-2008-1948 CVE-2008-1949 CVE-2008-1950 Flaws were found in the way GnuTLS handles malicious client connections. A malicious remote client could send a specially crafted request to a service using GnuTLS that could cause the service to crash. (CVE-2008-1948, CVE-2008-1949, CVE-2008-1950) At this time we have not seen any code that is using this exploit. But in Scientific Linux 5 there are some applications, that would be directly vulnerable if/when there is an exploit. Because of the potential threat we are labeling this important. SL 4.x SRPMS: gnutls-1.0.20-4.el4_6.src.rpm i386: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-devel-1.0.20-4.el4_6.i386.rpm x86_64: gnutls-1.0.20-4.el4_6.i386.rpm gnutls-1.0.20-4.el4_6.x86_64.rpm gnutls-devel-1.0.20-4.el4_6.x86_64.rpm -Connie Sieh -Troy Dawson