Package name
gnutls
Date
2013-05-30
Advisory ID
MDVSA-2013:171
Affected versions
MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been discovered and corrected in gnutls:

A flaw was found in the way GnuTLS decrypted TLS record packets when
using CBC encryption. The number of pad bytes read form the packet
was not checked against the cipher text size, resulting in an out of
bounds read. This could cause a TLS client or server using GnuTLS to
crash (CVE-2013-2116).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 e15cc4fbecb40fa5a0e45722ae69e62d  mes5/i586/gnutls-2.4.1-2.9mdvmes5.2.i586.rpm
 0cdf4df237294321e66a5bd6fdd7a2e7  mes5/i586/libgnutls26-2.4.1-2.9mdvmes5.2.i586.rpm
 05b89e124200abd96670015069483f1f  mes5/i586/libgnutls-devel-2.4.1-2.9mdvmes5.2.i586.rpm 
 916a8c1c13f5c2f12693a97cd33dfdf1  mes5/SRPMS/gnutls-2.4.1-2.9mdvmes5.2.src.rpm

MES5 x86_64

 9ba0af4a21b4d82f49063bca05ad26a3  mes5/x86_64/gnutls-2.4.1-2.9mdvmes5.2.x86_64.rpm
 ec31286c02a0228ca592192b4c8cb86c  mes5/x86_64/lib64gnutls26-2.4.1-2.9mdvmes5.2.x86_64.rpm
 a0ba53e991ded4a6c7d0514316763514  mes5/x86_64/lib64gnutls-devel-2.4.1-2.9mdvmes5.2.x86_64.rpm 
 916a8c1c13f5c2f12693a97cd33dfdf1  mes5/SRPMS/gnutls-2.4.1-2.9mdvmes5.2.src.rpm

References