Paketname
gnutls
Datum
2014-06-09
Advisory ID
MDVSA-2014:109
Betroffene Versionen
MES5 i586 , MES5 x86_64

Problembeschreibung

Updated gnutls packages fix security vulnerability:

A flaw was found in the way GnuTLS parsed session ids from Server
Hello packets of the TLS/SSL handshake. A malicious server could use
this flaw to send an excessively long session id value and trigger a
buffer overflow in a connecting TLS/SSL client using GnuTLS, causing
it to crash or, possibly, execute arbitrary code (CVE-2014-3466).

Aktualisierte Pakete

MES5 i586

 a2d9b9de428cb4c54e4431ac3b90bc7c  mes5/i586/gnutls-2.4.1-2.11mdvmes5.2.i586.rpm
 0aeec587dd6e38321e6e1a029895933b  mes5/i586/libgnutls26-2.4.1-2.11mdvmes5.2.i586.rpm
 40af11121bc70873fc337e3f0ac513e2  mes5/i586/libgnutls-devel-2.4.1-2.11mdvmes5.2.i586.rpm 
 d74c6d27f23aab10769777ada47f1174  mes5/SRPMS/gnutls-2.4.1-2.11mdvmes5.2.src.rpm

MES5 x86_64

 3bc708d509ad98855875dcd21159db20  mes5/x86_64/gnutls-2.4.1-2.11mdvmes5.2.x86_64.rpm
 bb5968c312979ac7c706949420c37b34  mes5/x86_64/lib64gnutls26-2.4.1-2.11mdvmes5.2.x86_64.rpm
 390db75387d13706a7839c6e9d0283c2  mes5/x86_64/lib64gnutls-devel-2.4.1-2.11mdvmes5.2.x86_64.rpm 
 d74c6d27f23aab10769777ada47f1174  mes5/SRPMS/gnutls-2.4.1-2.11mdvmes5.2.src.rpm

Referenzen