MGASA-2014-0248

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0248.html

Import Source

https://advisories.mageia.org/MGASA-2014-0248.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0248

Related

Published

2014-06-02T18:47:21Z

Modified

2014-06-02T18:47:16Z

Summary

Updated gnutls packages fix CVE-2104-3465-6

Details

Updated gnutls packages fix security vulnerabilities:

A NULL pointer dereference flaw was discovered in GnuTLS's gnutlsx509dnoidname(). The function, when called with the GNUTLSX509DNOIDRETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs (CVE-2014-3465).

A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code (CVE-2014-3466).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / gnutls

Package

Name: gnutls
Purl: pkg:rpm/mageia/gnutls?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.7-1.3.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / gnutls

Package

Name: gnutls
Purl: pkg:rpm/mageia/gnutls?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.16-1.3.mga3

Ecosystem specific

{
    "section": "core"
}