[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2014:109 ] gnutls



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:109
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : gnutls
 Date    : June 9, 2014
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Updated gnutls packages fix security vulnerability:
 
 A flaw was found in the way GnuTLS parsed session ids from Server
 Hello packets of the TLS/SSL handshake.  A malicious server could use
 this flaw to send an excessively long session id value and trigger a
 buffer overflow in a connecting TLS/SSL client using GnuTLS, causing
 it to crash or, possibly, execute arbitrary code (CVE-2014-3466).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
 http://advisories.mageia.org/MGASA-2014-0248.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 a2d9b9de428cb4c54e4431ac3b90bc7c  mes5/i586/gnutls-2.4.1-2.11mdvmes5.2.i586.rpm
 0aeec587dd6e38321e6e1a029895933b  mes5/i586/libgnutls26-2.4.1-2.11mdvmes5.2.i586.rpm
 40af11121bc70873fc337e3f0ac513e2  mes5/i586/libgnutls-devel-2.4.1-2.11mdvmes5.2.i586.rpm 
 d74c6d27f23aab10769777ada47f1174  mes5/SRPMS/gnutls-2.4.1-2.11mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 3bc708d509ad98855875dcd21159db20  mes5/x86_64/gnutls-2.4.1-2.11mdvmes5.2.x86_64.rpm
 bb5968c312979ac7c706949420c37b34  mes5/x86_64/lib64gnutls26-2.4.1-2.11mdvmes5.2.x86_64.rpm
 390db75387d13706a7839c6e9d0283c2  mes5/x86_64/lib64gnutls-devel-2.4.1-2.11mdvmes5.2.x86_64.rpm 
 d74c6d27f23aab10769777ada47f1174  mes5/SRPMS/gnutls-2.4.1-2.11mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTldvRmqjQ0CJFipgRAgv2AJ92OmTNZTwJbeCvI7BWxwrrXRx1xgCg0HaM
tf2MKexJnpBnQ7VcYXCakq0=
=nakX
-----END PGP SIGNATURE-----