MGASA-2014-0458

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0458.html

Import Source

https://advisories.mageia.org/MGASA-2014-0458.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0458

Related

CVE-2014-8564

Published

2014-11-15T18:31:46Z

Modified

2014-11-15T18:15:09Z

Summary

Updated gnutls package fix security vulnerability

Details

An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application (CVE-2014-8564).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / gnutls

Package

Name: gnutls
Purl: pkg:rpm/mageia/gnutls?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.16-1.4.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / gnutls

Package

Name: gnutls
Purl: pkg:rpm/mageia/gnutls?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.7-1.4.mga4

Ecosystem specific

{
    "section": "core"
}