Moderate: Red Hat Security Advisory: libtasn1 security update
Updated libtasn1 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
libtasn1: multiple boundary check issues
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data...
CVE-2014-3466
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message...
Buffer overflow
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message...
CVE-2014-3466
CVE-2014-3466: A buffer overflow in GnuTLS when reading the ServerHello session ID enables memory corruption and potential code execution. Affected: GnuTLS in various 3.1.x/3.2.x/3.3.x lines (before 3.1.25, 3.2.15, 3.3.4). Impact: denial of service or possible remote code execution via a crafted Serve...
GnuTLS Patches Critical Remote Code Execution Bug
GnuTLS, an open source cryptographic library, was a headliner in March because of a critical certificate verification vulnerability that some erroneously put in the same class as Apple’s infamous gotofail bug. The library, used in a number of Linux distributions including Red Hat, Debian and...
gnutls security update
2.8.5-14 - fix session ID length check 1102024...
Ubuntu 14.04 LTS : GnuTLS vulnerability (USN-2229-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2229-1 advisory. Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a machine-in-the-middle could use this issue to...
gnutls security update
1.4.1-16 - added missing check for null pointer 1102355 1.4.1-15 - fix session ID length check and null pointer dereference 1102355 - fix minitasn1 issues 1102355 - Renamed gnutls-1.4.1-cve-2014-5138.patch to cve-2009-5138.patch...
Updated gnutls packages fix CVE-2104-3465-6
Updated gnutls packages fix security vulnerabilities: A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509...
MGASA-2014-0248 Updated gnutls packages fix CVE-2104-3465-6
Updated gnutls packages fix security vulnerabilities: A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509...
USN-2229-1: GnuTLS vulnerability
Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a machine-in-the-middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...
[oss-security] GnuTLS and libtasn1 security fixes
Hi! New GnuTLS and libtasn1 versions fix few issues you might be interested to look at: http://www.gnutls.org/security.html#GNUTLS-SA-2014-3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3465 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3466...
GnuTLS and libtasn1 multiple security vulnerabilities
Buffer overflows, integer overflows, NULL pointer dereference...
UBUNTU-CVE-2014-3466
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message...
gnutls -- client-side memory corruption
GnuTLS project reports: This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client...