GnuTLS has been patched to ensure proper parsing of session IDs during the
TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have
been fixed.
Further information is available at
http://www.gnutls.org/security.html#GNUTLS-SA-2014-3
These security issues have been fixed:
* Possible memory corruption during connect (CVE-2014-3466)
* Multiple boundary check issues could allow DoS (CVE-2014-3467)
* asn1_get_bit_der() can return negative bit length (CVE-2014-3468)
* Possible DoS by NULL pointer dereference (CVE-2014-3469)
* Possible timing side-channel attack (Lucky 13) (CVE-2013-1619)
One additional bug has been fixed:
* Allow unsafe renegotiation (bnc#554084)
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
SUSE CORE | 9 | i586 | gnutls | < 1.0.8-26.32 | gnutls-1.0.8-26.32.i586.rpm |
SUSE CORE | 9 | x86_64 | gnutls | < 1.0.8-26.32 | gnutls-1.0.8-26.32.x86_64.rpm |
SUSE CORE | 9 | x86_64 | gnutls-devel | < 1.0.8-26.32 | gnutls-devel-1.0.8-26.32.x86_64.rpm |
SUSE CORE | 9 | s390x | gnutls-devel | < 1.0.8-26.32 | gnutls-devel-1.0.8-26.32.s390x.rpm |
SUSE CORE | 9 | s390 | gnutls | < 1.0.8-26.32 | gnutls-1.0.8-26.32.s390.rpm |
SUSE CORE | 9 | s390 | gnutls-devel | < 1.0.8-26.32 | gnutls-devel-1.0.8-26.32.s390.rpm |
SUSE CORE | 9 | s390x | gnutls | < 1.0.8-26.32 | gnutls-1.0.8-26.32.s390x.rpm |
SUSE CORE | 9 | i586 | gnutls-devel | < 1.0.8-26.32 | gnutls-devel-1.0.8-26.32.i586.rpm |