4449 matches found
Fedora 8 : gnutls-1.6.3-3.fc8 (2008-4183)
Fixes critical security issue GNUTLS-SA-2008-1 described here: http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html All applications and system services which utilize gnutls library must be restarted for the updates to take effect. Note that Tenable Network Security has extracted...
RHEL 5 : gnutls (RHSA-2008:0489)
Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as TL...
RHEL 4 : gnutls (RHSA-2008:0492)
Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GnuTLS Library provides support for cryptographic algorithms and protocols such as...
gnutls security update
CentOS Errata and Security Advisory CESA-2008:0489 Updated gnutls packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The GnuTLS Library provides support fo...
Buffer overflow
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or...
Design/Logic Flaw
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) v...
CVE-2008-1948
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or...
CVE-2008-1949
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) v...
Integer overflow
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message withi...
USN-613-1: GnuTLS vulnerabilities
Multiple flaws were discovered in the connection handling of GnuTLS. A remote attacker could exploit this to crash applications linked against GnuTLS, or possibly execute arbitrary code with permissions of the application's user...
[SECURITY] Fedora 7 Update: gnutls-1.6.3-3.fc7
GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group...
[SECURITY] Fedora 9 Update: gnutls-2.0.4-3.fc9
GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group...
[SECURITY] Fedora 8 Update: gnutls-1.6.3-3.fc8
GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group...
CVE-2008-1948
CVE-2008-1948 affects GnuTLS before 2.2.4. The _gnutls_server_name_recv_params function in lib/ext_server_name.c within libgnutls/gnutls-serv mishandles the Server Names count in TLS 1.0 Client Hello extensions, causing a buffer overflow in session resumption data and potentially a crash or arbitr...
CVE-2008-1950
CVE-2008-1950 affects the GnuTLS stack (libgnutls) with an integer signedness flaw in _gnutls_ciphertext2compressed, exploitable via a crafted Random field in an encrypted Client Hello within a TLS record with invalid Record Length. This can trigger a buffer over-read and cause a denial of servic...
CVE-2008-1949
CVE-2008-1949 affects the GnuTLS stack (libgnutls in gnutls-serv). The flaw is in _gnutls_recv_client_kx_message, which can erroneously continue processing Client Hello messages within a TLS record after one has been handled, causing a NULL dereference and a crash (denial of service). Affected co...
GnuTLS: Execution of arbitrary code
Background: GnuTLS is an implementation of Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0, 1.1 and 1.2. Description: Ossi Herrala and Jukka Taimisto of Codenomicon reported three vulnerabilities in libgnutls of GnuTLS: "Client Hello" messages containing an invalid server name can...