Date:         Tue, 3 Jun 2014 17:21:55 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
From:         Pat Riehecky
Subject:      Security ERRATA Important: gnutls on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Important: gnutls security update
Advisory ID:       SLSA-2014:0595-1
Issue Date:        2014-06-03
CVE Numbers:       CVE-2014-3466
--

A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw
to send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing
the client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)

For the update to take effect, all applications linked to the GnuTLS
library must be restarted.
--

SL6
  x86_64
    gnutls-2.8.5-14.el6_5.i686.rpm
    gnutls-2.8.5-14.el6_5.x86_64.rpm
    gnutls-debuginfo-2.8.5-14.el6_5.i686.rpm
    gnutls-debuginfo-2.8.5-14.el6_5.x86_64.rpm
    gnutls-utils-2.8.5-14.el6_5.x86_64.rpm
    gnutls-devel-2.8.5-14.el6_5.i686.rpm
    gnutls-devel-2.8.5-14.el6_5.x86_64.rpm
    gnutls-guile-2.8.5-14.el6_5.i686.rpm
    gnutls-guile-2.8.5-14.el6_5.x86_64.rpm
  i386
    gnutls-2.8.5-14.el6_5.i686.rpm
    gnutls-debuginfo-2.8.5-14.el6_5.i686.rpm
    gnutls-utils-2.8.5-14.el6_5.i686.rpm
    gnutls-devel-2.8.5-14.el6_5.i686.rpm
    gnutls-guile-2.8.5-14.el6_5.i686.rpm

- Scientific Linux Development Team
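
The class of check the flaw description calls for, shown as an added example (this is not GnuTLS source code and not part of the advisory): a client-side parser that bounds the peer-supplied session ID length before copying. The ServerHello layout and the 32-byte limit follow RFC 5246; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_MAX_SESSION_ID 32   /* RFC 5246: opaque SessionID<0..32> */
#define HELLO_FIXED_PREFIX 34   /* 2-byte version + 32-byte random */
enum { SID_OK = 0, SID_TRUNCATED = -1, SID_TOO_LONG = -2 };

/* Copy the session ID out of a ServerHello body (handshake header already
 * stripped). dst must hold TLS_MAX_SESSION_ID bytes. */
int parse_session_id(const uint8_t *body, size_t body_len,
                     uint8_t *dst, size_t *dst_len)
{
    if (body_len < HELLO_FIXED_PREFIX + 1)
        return SID_TRUNCATED;               /* no length byte present */
    size_t sid_len = body[HELLO_FIXED_PREFIX];
    /* The length byte is controlled by the server: bound it by the protocol
     * limit (which is also the size of dst) before any copy. */
    if (sid_len > TLS_MAX_SESSION_ID)
        return SID_TOO_LONG;
    /* Also bound it by the bytes actually received, so body is not over-read. */
    if (sid_len > body_len - HELLO_FIXED_PREFIX - 1)
        return SID_TRUNCATED;
    memcpy(dst, body + HELLO_FIXED_PREFIX + 1, sid_len);
    *dst_len = sid_len;
    return SID_OK;
}

/* Constructed sample: build a ServerHello body whose length byte claims
 * `claimed` session-ID bytes while carrying `actual` (<= 255), then parse it. */
int check_sample(size_t claimed, size_t actual)
{
    uint8_t body[HELLO_FIXED_PREFIX + 1 + 255] = {0x03, 0x03};
    uint8_t sid[TLS_MAX_SESSION_ID];
    size_t sid_len = 0;
    body[HELLO_FIXED_PREFIX] = (uint8_t)claimed;
    memset(body + HELLO_FIXED_PREFIX + 1, 0xAB, actual);
    return parse_session_id(body, HELLO_FIXED_PREFIX + 1 + actual, sid, &sid_len);
}

int main(void)
{
    printf("32/32 -> %d, 200/200 -> %d, 16/4 -> %d\n",
           check_sample(32, 32), check_sample(200, 200), check_sample(16, 4));
    return 0;
}
```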