Security update for gnutls (important)

ID SUSE-SU-2014:0758-1
Type suse
Reporter Suse
Modified 2014-06-05T03:04:15


GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed.

Further information is available at <a rel="nofollow" href=""></a> <<a rel="nofollow" href=""></a>>

These security issues have been fixed:

   * Possible memory corruption during connect (CVE-2014-3466)
   * Multiple boundary check issues could allow DoS (CVE-2014-3467)
   * asn1_get_bit_der() can return negative bit length (CVE-2014-3468)
   * Possible DoS by NULL pointer dereference (CVE-2014-3469)