Content-Transfer-Encoding: |
7bit |
Sender: |
|
Subject: |
|
From: |
|
Date: |
Tue, 3 Jun 2014 17:21:55 +0000 |
MIME-Version: |
1.0 |
Content-Type: |
text/plain; charset="utf-8" |
Reply-To: |
|
Parts/Attachments: |
|
|
Synopsis: Important: gnutls security update
Advisory ID: SLSA-2014:0595-1
Issue Date: 2014-06-03
CVE Numbers: CVE-2014-3466
--
A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw
to send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing
the client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)
For the update to take effect, all applications linked to the GnuTLS
library must be restarted.
--
SL6
x86_64
gnutls-2.8.5-14.el6_5.i686.rpm
gnutls-2.8.5-14.el6_5.x86_64.rpm
gnutls-debuginfo-2.8.5-14.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-14.el6_5.x86_64.rpm
gnutls-utils-2.8.5-14.el6_5.x86_64.rpm
gnutls-devel-2.8.5-14.el6_5.i686.rpm
gnutls-devel-2.8.5-14.el6_5.x86_64.rpm
gnutls-guile-2.8.5-14.el6_5.i686.rpm
gnutls-guile-2.8.5-14.el6_5.x86_64.rpm
i386
gnutls-2.8.5-14.el6_5.i686.rpm
gnutls-debuginfo-2.8.5-14.el6_5.i686.rpm
gnutls-utils-2.8.5-14.el6_5.i686.rpm
gnutls-devel-2.8.5-14.el6_5.i686.rpm
gnutls-guile-2.8.5-14.el6_5.i686.rpm
- Scientific Linux Development Team
|
|
|