GnuTLS was patched to ensure proper parsing of session ids during the
TLS/SSL handshake. Additionally three issues inherited from libtasn1 were
fixed.
* Possible memory corruption during connect. (CVE-2014-3466)
* Multiple boundary check issues could allow DoS. (CVE-2014-3467)
* asn1_get_bit_der() can return negative bit length. (CVE-2014-3468)
* Possible DoS by NULL pointer dereference. (CVE-2014-3469)
Further information is available at
<a href=“http://www.gnutls.org/security.html#GNUTLS-SA-2014-3”>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>
<<a href=“http://www.gnutls.org/security.html#GNUTLS-SA-2014-3”>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</a>> .
Security Issues references:
* CVE-2014-3466
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466</a>>
* CVE-2014-3467
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467</a>>
* CVE-2014-3468
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468</a>>
* CVE-2014-3469
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469</a>>