Security update for gnutls (important)

2014-06-05T03:04:15
ID SUSE-SU-2014:0758-1
Type suse
Reporter Suse
Modified 2014-06-05T03:04:15

Description

GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed.

Further information is available at <a rel="nofollow" href="http://www.gnutls.org/security.html#GNUTLS-SA-2014-3">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a> <<a rel="nofollow" href="http://www.gnutls.org/security.html#GNUTLS-SA-2014-3">http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>>

These security issues have been fixed:

   * Possible memory corruption during connect (CVE-2014-3466)
   * Multiple boundary check issues could allow DoS (CVE-2014-3467)
   * asn1_get_bit_der() can return negative bit length (CVE-2014-3468)
   * Possible DoS by NULL pointer dereference (CVE-2014-3469)