[Frugalware-security] [ FSA-453 ] gnutls
vmiklos at frugalware.org
Sun May 25 14:35:45 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Frugalware Security Advisory FSA-453
Vulnerable versions: <= 2.2.0-1
Unaffected versions: >= 2.2.5-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3100
Some vulnerabilities have been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
1) A boundary error exists in the processing "Client Hello" messages containing a "Server Name" extension. This can be exploited to cause a heap-based buffer overflow via a specially crafted TLS packet.
Successful exploitation may allow execution of arbitrary code.
2) A NULL-pointer dereference error in the processing of TLS packets containing multiple "Client Hello" messages can be exploited to crash an affected application.
3) A signedness error exists within the "_gnutls_ciphertext2compressed()" function in lib/gnutls_cipher.c. This can be exploited to cause an out of bounds read and crash an affected application via specially crafted, encrypted TLS data.
Check if you have gnutls installed:
# pacman-g2 -Q gnutls
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy gnutls
The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
-----END PGP SIGNATURE-----
More information about the Frugalware-security