Nom du paquet
gnutls
Date
2012-03-30
Advisory ID
MDVSA-2012:045
Affected versions
MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in GnuTLS:

Buffer overflow in the gnutls_session_get_data function in
lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before
3.0.7, when used on a client that performs nonstandard session
resumption, allows remote TLS servers to cause a denial of service
(application crash) via a large SessionTicket (CVE-2011-4128).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 c662a0d8e022c7db282e577eac367ccd  mes5/i586/gnutls-2.4.1-2.7mdvmes5.2.i586.rpm
 ee9687cbb56d4a6520d3144ec6a317a3  mes5/i586/libgnutls26-2.4.1-2.7mdvmes5.2.i586.rpm
 342295e2fe6f1ec99890d08ec280b004  mes5/i586/libgnutls-devel-2.4.1-2.7mdvmes5.2.i586.rpm 
 e00df4c4bf35636194532f0b4a900901  mes5/SRPMS/gnutls-2.4.1-2.7mdvmes5.2.src.rpm

2010.1 i586

 2bfd265514dab79f39f776dbd582df72  2010.1/i586/gnutls-2.8.6-1.2mdv2010.2.i586.rpm
 62167460d1ac31b2e7d54bc0a5f98ab5  2010.1/i586/libgnutls26-2.8.6-1.2mdv2010.2.i586.rpm
 043750d56eb108f763317746ce920a85  2010.1/i586/libgnutls-devel-2.8.6-1.2mdv2010.2.i586.rpm 
 13ee1e088f22ffabfe82b81e00f9e799  2010.1/SRPMS/gnutls-2.8.6-1.2mdv2010.2.src.rpm

2011 x86_64

 bdd5be3403f8530f39f97ce90bad898e  2011/x86_64/gnutls-2.12.8-0.2-mdv2011.0.x86_64.rpm
 51e3ada87157880774baab204af5a743  2011/x86_64/lib64gnutls26-2.12.8-0.2-mdv2011.0.x86_64.rpm
 51b6cbff72d89135a680da20cf5df143  2011/x86_64/lib64gnutls-devel-2.12.8-0.2-mdv2011.0.x86_64.rpm
 4f9a99872bdd82fe2a2b597ea32d70af  2011/x86_64/lib64gnutls-ssl27-2.12.8-0.2-mdv2011.0.x86_64.rpm 
 41e127901e9fe3e84bf5ead8096c1665  2011/SRPMS/gnutls-2.12.8-0.2.src.rpm

2011 i586

 6bb123df1f3176c25bb16105dc4fe7f3  2011/i586/gnutls-2.12.8-0.2-mdv2011.0.i586.rpm
 23136ce1d38388653c690920c3baeb52  2011/i586/libgnutls26-2.12.8-0.2-mdv2011.0.i586.rpm
 7561fb656d238acc33c6b61f20ddc8e9  2011/i586/libgnutls-devel-2.12.8-0.2-mdv2011.0.i586.rpm
 5c0d0353c2ae4ec477b85d0194bf5872  2011/i586/libgnutls-ssl27-2.12.8-0.2-mdv2011.0.i586.rpm 
 41e127901e9fe3e84bf5ead8096c1665  2011/SRPMS/gnutls-2.12.8-0.2.src.rpm

MES5 x86_64

 29fa0ac0deb42e8e6c6b947487ef323f  mes5/x86_64/gnutls-2.4.1-2.7mdvmes5.2.x86_64.rpm
 21539a631a3cdb64e47537709524f5eb  mes5/x86_64/lib64gnutls26-2.4.1-2.7mdvmes5.2.x86_64.rpm
 1da550d6eb22b8014359eaa80be49ed1  mes5/x86_64/lib64gnutls-devel-2.4.1-2.7mdvmes5.2.x86_64.rpm 
 e00df4c4bf35636194532f0b4a900901  mes5/SRPMS/gnutls-2.4.1-2.7mdvmes5.2.src.rpm

2010.1 x86_64

 6b57aa2034c33232fe12b1b2953e242c  2010.1/x86_64/gnutls-2.8.6-1.2mdv2010.2.x86_64.rpm
 b2303b9b8dbff9a4755c561f601813f4  2010.1/x86_64/lib64gnutls26-2.8.6-1.2mdv2010.2.x86_64.rpm
 af7670014b92577273944140cabe1b6f  2010.1/x86_64/lib64gnutls-devel-2.8.6-1.2mdv2010.2.x86_64.rpm 
 13ee1e088f22ffabfe82b81e00f9e799  2010.1/SRPMS/gnutls-2.8.6-1.2mdv2010.2.src.rpm

References