Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

UBUNTU: 2022:0147-1 High: OpenSSL Buffer Overflow And DoS

suse
Calendar Grey June 13, 2014
Dist Suse Esm H88
Important announcement regarding GnuTLS fixes vulnerabilities related to memory corruption and Denial of Service (DoS) risks in SUSE platforms.
An update that fixes four vulnerabilities is now available

Summary

GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally three issues inherited from libtasn1 have been fixed. Further information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3 These security issues have been fixed: * Possible memory corruption during connect (CVE-2014-3466) * Multiple boundary check issues could allow DoS (CVE-2014-3467) * asn1_get_bit_der() can return negative bit length (CVE-2014-3468) * Possible DoS by NULL pointer dereference (CVE-2014-3469) Security Issue references: * CVE-2014-3466 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

Topics%20covered

Topics Covered

security advisory memory corruption critical update suse gnutls dos

References

#880730 #880910

Cross- CVE-2014-3466 CVE-2014-3467 CVE-2014-3468

CVE-2014-3469

Affected Products:

SUSE Linux Enterprise Server 10 SP4 LTSS

SUSE Linux Enterprise Server 10 SP3 LTSS

https://www.suse.com/security/cve/CVE-2014-3466.html

https://www.suse.com/security/cve/CVE-2014-3467.html

https://www.suse.com/security/cve/CVE-2014-3468.html

https://www.suse.com/security/cve/CVE-2014-3469.html

https://scc.suse.com:443/patches/

https://scc.suse.com:443/patches/

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2014:0788-2
Rating: important

Topics%20covered

Topics Covered

security advisory memory corruption critical update suse gnutls dos

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here