MDVSA-2012:045
- Nom du paquet
- gnutls
- Date
- 2012-03-30
- Advisory ID
- MDVSA-2012:045
- Affected versions
- MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64
Problem description
A vulnerability has been found and corrected in GnuTLS:
Buffer overflow in the gnutls_session_get_data function in
lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before
3.0.7, when used on a client that performs nonstandard session
resumption, allows remote TLS servers to cause a denial of service
(application crash) via a large SessionTicket (CVE-2011-4128).
The updated packages have been patched to correct this issue.
Updated packages
MES5 i586
c662a0d8e022c7db282e577eac367ccd mes5/i586/gnutls-2.4.1-2.7mdvmes5.2.i586.rpm ee9687cbb56d4a6520d3144ec6a317a3 mes5/i586/libgnutls26-2.4.1-2.7mdvmes5.2.i586.rpm 342295e2fe6f1ec99890d08ec280b004 mes5/i586/libgnutls-devel-2.4.1-2.7mdvmes5.2.i586.rpm e00df4c4bf35636194532f0b4a900901 mes5/SRPMS/gnutls-2.4.1-2.7mdvmes5.2.src.rpm
2010.1 i586
2bfd265514dab79f39f776dbd582df72 2010.1/i586/gnutls-2.8.6-1.2mdv2010.2.i586.rpm 62167460d1ac31b2e7d54bc0a5f98ab5 2010.1/i586/libgnutls26-2.8.6-1.2mdv2010.2.i586.rpm 043750d56eb108f763317746ce920a85 2010.1/i586/libgnutls-devel-2.8.6-1.2mdv2010.2.i586.rpm 13ee1e088f22ffabfe82b81e00f9e799 2010.1/SRPMS/gnutls-2.8.6-1.2mdv2010.2.src.rpm
2011 x86_64
bdd5be3403f8530f39f97ce90bad898e 2011/x86_64/gnutls-2.12.8-0.2-mdv2011.0.x86_64.rpm 51e3ada87157880774baab204af5a743 2011/x86_64/lib64gnutls26-2.12.8-0.2-mdv2011.0.x86_64.rpm 51b6cbff72d89135a680da20cf5df143 2011/x86_64/lib64gnutls-devel-2.12.8-0.2-mdv2011.0.x86_64.rpm 4f9a99872bdd82fe2a2b597ea32d70af 2011/x86_64/lib64gnutls-ssl27-2.12.8-0.2-mdv2011.0.x86_64.rpm 41e127901e9fe3e84bf5ead8096c1665 2011/SRPMS/gnutls-2.12.8-0.2.src.rpm
2011 i586
6bb123df1f3176c25bb16105dc4fe7f3 2011/i586/gnutls-2.12.8-0.2-mdv2011.0.i586.rpm 23136ce1d38388653c690920c3baeb52 2011/i586/libgnutls26-2.12.8-0.2-mdv2011.0.i586.rpm 7561fb656d238acc33c6b61f20ddc8e9 2011/i586/libgnutls-devel-2.12.8-0.2-mdv2011.0.i586.rpm 5c0d0353c2ae4ec477b85d0194bf5872 2011/i586/libgnutls-ssl27-2.12.8-0.2-mdv2011.0.i586.rpm 41e127901e9fe3e84bf5ead8096c1665 2011/SRPMS/gnutls-2.12.8-0.2.src.rpm
MES5 x86_64
29fa0ac0deb42e8e6c6b947487ef323f mes5/x86_64/gnutls-2.4.1-2.7mdvmes5.2.x86_64.rpm 21539a631a3cdb64e47537709524f5eb mes5/x86_64/lib64gnutls26-2.4.1-2.7mdvmes5.2.x86_64.rpm 1da550d6eb22b8014359eaa80be49ed1 mes5/x86_64/lib64gnutls-devel-2.4.1-2.7mdvmes5.2.x86_64.rpm e00df4c4bf35636194532f0b4a900901 mes5/SRPMS/gnutls-2.4.1-2.7mdvmes5.2.src.rpm
2010.1 x86_64
6b57aa2034c33232fe12b1b2953e242c 2010.1/x86_64/gnutls-2.8.6-1.2mdv2010.2.x86_64.rpm b2303b9b8dbff9a4755c561f601813f4 2010.1/x86_64/lib64gnutls26-2.8.6-1.2mdv2010.2.x86_64.rpm af7670014b92577273944140cabe1b6f 2010.1/x86_64/lib64gnutls-devel-2.8.6-1.2mdv2010.2.x86_64.rpm 13ee1e088f22ffabfe82b81e00f9e799 2010.1/SRPMS/gnutls-2.8.6-1.2mdv2010.2.src.rpm