logo
DATABASE RESOURCES PRICING ABOUT US

Important: gnutls

Description

**Issue Overview:** A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573) A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128) **Affected Packages:** gnutls **Issue Correction:** Run _yum update gnutls_ to update your system. **New Packages:** i686:     gnutls-debuginfo-2.8.5-4.6.amzn1.i686     gnutls-guile-2.8.5-4.6.amzn1.i686     gnutls-utils-2.8.5-4.6.amzn1.i686     gnutls-devel-2.8.5-4.6.amzn1.i686     gnutls-2.8.5-4.6.amzn1.i686 src:     gnutls-2.8.5-4.6.amzn1.src x86_64:     gnutls-2.8.5-4.6.amzn1.x86_64     gnutls-guile-2.8.5-4.6.amzn1.x86_64     gnutls-devel-2.8.5-4.6.amzn1.x86_64     gnutls-utils-2.8.5-4.6.amzn1.x86_64     gnutls-debuginfo-2.8.5-4.6.amzn1.x86_64 ### Additional References Red Hat: [CVE-2011-4128](<https://access.redhat.com/security/cve/CVE-2011-4128>), [CVE-2012-1573](<https://access.redhat.com/security/cve/CVE-2012-1573>) Mitre: [CVE-2011-4128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4128>), [CVE-2012-1573](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573>)


Affected Package


OS OS Version Package Name Package Version
Amazon Linux 1 gnutls-debuginfo 2.8.5-4.6.amzn1
Amazon Linux 1 gnutls-guile 2.8.5-4.6.amzn1
Amazon Linux 1 gnutls-utils 2.8.5-4.6.amzn1
Amazon Linux 1 gnutls-devel 2.8.5-4.6.amzn1
Amazon Linux 1 gnutls 2.8.5-4.6.amzn1
Amazon Linux 1 gnutls 2.8.5-4.6.amzn1
Amazon Linux 1 gnutls 2.8.5-4.6.amzn1
Amazon Linux 1 gnutls-guile 2.8.5-4.6.amzn1
Amazon Linux 1 gnutls-devel 2.8.5-4.6.amzn1
Amazon Linux 1 gnutls-utils 2.8.5-4.6.amzn1
Amazon Linux 1 gnutls-debuginfo 2.8.5-4.6.amzn1

Related