Security update for GnuTLS (important)

2014-06-13T00:04:29
ID SUSE-SU-2014:0788-1
Type suse
Reporter Suse
Modified 2014-06-13T00:04:29

Description

GnuTLS was patched to ensure proper parsing of session IDs during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 were fixed.

   * Possible memory corruption during connect. (CVE-2014-3466)
   * Multiple boundary check issues could allow DoS. (CVE-2014-3467)
   * asn1_get_bit_der() can return negative bit length. (CVE-2014-3468)
   * Possible DoS by NULL pointer dereference. (CVE-2014-3469)

Further information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3 .
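
As an illustration of what proper parsing of the session ID involves on the receiving side, the following added example (not GnuTLS code and not part of the original advisory) validates the length byte of a ServerHello before copying the ID. The names parse_session_id and build_hello are hypothetical, the field layout and the 32-byte maximum are taken from the TLS specification (RFC 5246), and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_MAX_SESSION_ID 32   /* RFC 5246: opaque SessionID<0..32> */
#define TLS_RANDOM_SIZE    32

enum { SID_OK = 0, SID_TRUNCATED = -1, SID_TOO_LONG = -2 };

/* Hypothetical helper: copy the session ID out of a ServerHello body
 * (the bytes that follow the 4-byte handshake header). */
int parse_session_id(const uint8_t *body, size_t body_len,
                     uint8_t out[TLS_MAX_SESSION_ID], size_t *out_len)
{
    size_t pos = 2 + TLS_RANDOM_SIZE;       /* skip version + random */
    if (body_len < pos + 1)
        return SID_TRUNCATED;               /* no length byte present */
    size_t sid_len = body[pos++];
    if (sid_len > TLS_MAX_SESSION_ID)
        return SID_TOO_LONG;                /* would overflow out[] */
    /* The ID must be followed by cipher_suite (2) + compression (1). */
    if (body_len - pos < sid_len + 3)
        return SID_TRUNCATED;               /* length byte overstates data */
    memcpy(out, body + pos, sid_len);
    *out_len = sid_len;
    return SID_OK;
}

/* Constructed sample: ServerHello body with a chosen length byte and a
 * chosen number of ID bytes actually present. Returns bytes written. */
size_t build_hello(uint8_t *buf, uint8_t declared_len, size_t actual_len)
{
    size_t n = 0;
    buf[n++] = 0x03; buf[n++] = 0x03;                  /* TLS 1.2 */
    memset(buf + n, 0xAA, TLS_RANDOM_SIZE); n += TLS_RANDOM_SIZE;
    buf[n++] = declared_len;
    memset(buf + n, 0x5C, actual_len); n += actual_len;
    buf[n++] = 0x00; buf[n++] = 0x2F;                  /* cipher suite */
    buf[n++] = 0x00;                                   /* compression */
    return n;
}

int main(void)
{
    uint8_t msg[512], sid[TLS_MAX_SESSION_ID];
    size_t sid_len = 0;
    size_t n = build_hello(msg, 200, 200);   /* oversized ID is refused */
    printf("oversized: %d\n", parse_session_id(msg, n, sid, &sid_len));
    return 0;
}
```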

Security issue references:

   * CVE-2014-3466
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
   * CVE-2014-3467
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
   * CVE-2014-3468
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
   * CVE-2014-3469
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469