GnuTLS has been patched to ensure proper parsing of session ids during the
TLS/SSL handshake. Additionally three issues inherited from libtasn1 have
been fixed.
Further information is available at
<a href=“http://www.gnutls.org/security.html#GNUTLS-SA-2014-3”>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>
<<a href=“http://www.gnutls.org/security.html#GNUTLS-SA-2014-3”>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>>
These security issues have been fixed:
* Possible memory corruption during connect (CVE-2014-3466)
* Multiple boundary check issues could allow DoS (CVE-2014-3467)
* asn1_get_bit_der() can return negative bit length (CVE-2014-3468)
* Possible DoS by NULL pointer dereference (CVE-2014-3469)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
SUSE Manager 1.7 for SLE | 11.2 | x86_64 | libgnutls26-32bit | < 2.4.1-24.39.51.1 | libgnutls26-32bit-2.4.1-24.39.51.1.x86_64.rpm |
SUSE Manager 1.7 for SLE | 11.2 | x86_64 | libgnutls-extra26 | < 2.4.1-24.39.51.1 | libgnutls-extra26-2.4.1-24.39.51.1.x86_64.rpm |
SUSE Manager 1.7 for SLE | 11.2 | x86_64 | libgnutls26 | < 2.4.1-24.39.51.1 | libgnutls26-2.4.1-24.39.51.1.x86_64.rpm |
SUSE Manager 1.7 for SLE | 11.2 | x86_64 | gnutls | < 2.4.1-24.39.51.1 | gnutls-2.4.1-24.39.51.1.x86_64.rpm |