
Scientific Linux: SLSA-2014:0595-1 Important GnuTLS Buffer Overflow Fix

Important: gnutls security update
Date: Tue, 3 Jun 2014 17:21:55 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: gnutls on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: gnutls security update
Advisory ID: SLSA-2014:0595-1
Issue Date: 2014-06-03
CVE Numbers: CVE-2014-3466
--

A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw
to send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing
the client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)

For the update to take effect, all applications linked to the GnuTLS
library must be restarted.
--

SL6
 x86_64
 gnutls-2.8.5-14.el6_5.i686.rpm
 gnutls-2.8.5-14.el6_5.x86_64.rpm
 gnutls-debuginfo-2.8.5-14.el6_5.i686.rpm
 gnutls-debuginfo-2.8.5-14.el6_5.x86_64.rpm
 gnutls-utils-2.8.5-14.el6_5.x86_64.rpm
 gnutls-devel-2.8.5-14.el6_5.i686.rpm
 gnutls-devel-2.8.5-14.el6_5.x86_64.rpm
 gnutls-guile-2.8.5-14.el6_5.i686.rpm
 gnutls-guile-2.8.5-14.el6_5.x86_64.rpm
 i386
 gnutls-2.8.5-14.el6_5.i686.rpm
 gnutls-debuginfo-2.8.5-14.el6_5.i686.rpm
 gnutls-utils-2.8.5-14.el6_5.i686.rpm
 gnutls-devel-2.8.5-14.el6_5.i686.rpm
 gnutls-guile-2.8.5-14.el6_5.i686.rpm

- Scientific Linux Development Team
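
The flaw class the advisory describes, a ServerHello session ID longer than the receiving buffer, is prevented by checking the one-byte length field before copying. The following is an added illustration, not code from GnuTLS or from the advisory; the struct, function names and sample message are hypothetical, and the 32-byte limit is the SessionID bound from the TLS specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TLS_RANDOM_LEN     32
#define TLS_MAX_SESSION_ID 32                 /* RFC 5246: opaque SessionID<0..32> */
#define HELLO_FIXED (2 + TLS_RANDOM_LEN + 1)  /* version, random, session ID length */

struct server_hello {
    uint8_t version[2], random[TLS_RANDOM_LEN];
    uint8_t session_id[TLS_MAX_SESSION_ID], session_id_len;
    uint8_t cipher_suite[2], compression;
};

/* Parse a ServerHello body: 0 = ok, -1 = truncated, -2 = session ID too long. */
int parse_server_hello(const uint8_t *buf, size_t len, struct server_hello *out)
{
    if (len < HELLO_FIXED)
        return -1;
    memcpy(out->version, buf, 2);
    memcpy(out->random, buf + 2, TLS_RANDOM_LEN);
    size_t pos = HELLO_FIXED;
    uint8_t sid_len = buf[pos - 1];          /* peer-controlled, 0..255 */
    if (sid_len > TLS_MAX_SESSION_ID)        /* reject before any copy */
        return -2;
    if (len - pos < (size_t)sid_len + 3)     /* ID + cipher suite + compression */
        return -1;
    memcpy(out->session_id, buf + pos, sid_len);
    out->session_id_len = sid_len;
    pos += sid_len;
    memcpy(out->cipher_suite, buf + pos, 2);
    out->compression = buf[pos + 2];
    return 0;
}

/* Constructed sample: zero-filled hello whose length byte claims sid_len bytes. */
int parse_constructed(uint8_t sid_len, size_t total_len)
{
    uint8_t msg[HELLO_FIXED + 255 + 3] = {0x03, 0x03};
    struct server_hello sh;
    msg[HELLO_FIXED - 1] = sid_len;
    return parse_server_hello(msg, total_len, &sh);
}

int main(void)
{
    printf("32 -> %d, 33 -> %d\n", parse_constructed(32, 70), parse_constructed(33, 71));
    return 0;
}
```

The length byte can encode up to 255 while the destination holds 32 bytes, so the bound check has to come before the `memcpy`, and the remaining-input check keeps a short message from being read past its end.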
