SCIENTIFIC-LINUX-ERRATA Archives

November 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Sender: Security Errata for Scientific Linux <[log in to unmask]>
From: Pat Riehecky <[log in to unmask]>
Date: Wed, 12 Nov 2014 15:19:50 +0000

Synopsis:          Moderate: gnutls security update
Advisory ID:       SLSA-2014:1846-1
Issue Date:        2014-11-12
CVE Numbers:       CVE-2014-8564
--

An out-of-bounds memory write flaw was found in the way GnuTLS parsed
certain ECC (Elliptic Curve Cryptography) certificates or certificate
signing requests (CSR). A malicious user could create a specially crafted
ECC certificate or a certificate signing request that, when processed by
an application compiled against GnuTLS (for example, certtool), could
cause that application to crash or execute arbitrary code with the
permissions of the user running the application. (CVE-2014-8564)

For the update to take effect, all applications linked to the GnuTLS or
libtasn1 library must be restarted.
--

SL7
  x86_64
    gnutls-3.1.18-10.el7_0.i686.rpm
    gnutls-3.1.18-10.el7_0.x86_64.rpm
    gnutls-dane-3.1.18-10.el7_0.i686.rpm
    gnutls-dane-3.1.18-10.el7_0.x86_64.rpm
    gnutls-debuginfo-3.1.18-10.el7_0.i686.rpm
    gnutls-debuginfo-3.1.18-10.el7_0.x86_64.rpm
    gnutls-utils-3.1.18-10.el7_0.x86_64.rpm
    gnutls-c++-3.1.18-10.el7_0.i686.rpm
    gnutls-c++-3.1.18-10.el7_0.x86_64.rpm
    gnutls-devel-3.1.18-10.el7_0.i686.rpm
    gnutls-devel-3.1.18-10.el7_0.x86_64.rpm

- Scientific Linux Development Team
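
The restart requirement stated in the advisory can be verified on a host after the packages are installed. The script below is an added example, not part of the original advisory or of Scientific Linux tooling. It assumes Linux `/proc/PID/maps` semantics; the function names, the `proc_root` parameter and the sample process tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map the
# pre-update copy of libgnutls or libtasn1 and therefore need a restart.

# stale_tls_procs [proc_root]  ->  one "pid comm library" line per process.
# proc_root defaults to /proc; the parameter exists so the check can be run
# against a constructed tree.
stale_tls_procs() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue      # process exited, or not permitted
        dir=${maps%/maps}
        # When rpm replaces a library, the old inode stays mapped and the
        # kernel appends " (deleted)" to its path in /proc/PID/maps.
        lib=$(awk '$NF == "(deleted)" &&
                   $(NF-1) ~ "/lib(gnutls|tasn1)[^/]*[.]so" {
                       print $(NF-1); exit }' "$maps" 2>/dev/null) || continue
        [ -n "$lib" ] || continue
        comm=$(cat "$dir/comm" 2>/dev/null) || comm='?'
        printf '%s %s %s\n' "${dir##*/}" "$comm" "$lib"
    done
}

# Constructed sample tree: PID 101 holds the old libgnutls, PID 102 the old
# libtasn1, PID 103 was restarted and maps the new file. All names, library
# version suffixes and addresses are made up for the demonstration.
make_sample_proc() {
    root=$1
    mkdir -p "$root/101" "$root/102" "$root/103"
    echo httpd-demo > "$root/101/comm"
    echo ldap-demo  > "$root/102/comm"
    echo fresh-demo > "$root/103/comm"
    echo '7f10a000-7f10b000 r-xp 00000000 fd:01 1111 /usr/lib64/libgnutls.so.28.30.0 (deleted)' > "$root/101/maps"
    echo '7f20a000-7f20b000 r-xp 00000000 fd:01 2222 /usr/lib64/libtasn1.so.6.2.3 (deleted)' > "$root/102/maps"
    echo '7f30a000-7f30b000 r-xp 00000000 fd:01 3333 /usr/lib64/libgnutls.so.28.30.0' > "$root/103/maps"
}

# Demonstration on the constructed tree; on a real host call
# stale_tls_procs with no argument (as root, to read every process).
demo=$(mktemp -d)
make_sample_proc "$demo"
stale_tls_procs "$demo"
rm -rf "$demo"
```

An empty result on a real host means no running process still holds the replaced libraries; any process listed is still executing the old code until it is restarted.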
