[Frugalware-security] [ FSA-453 ] gnutls
Miklos Vajna
vmiklos at frugalware.org
Sun May 25 14:35:45 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-453
Date: 2008-05-25
Package: gnutls
Vulnerable versions: <= 2.2.0-1
Unaffected versions: >= 2.2.5-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3100
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950
Description
===========
Some vulnerabilities have been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
1) A boundary error exists in the processing "Client Hello" messages containing a "Server Name" extension. This can be exploited to cause a heap-based buffer overflow via a specially crafted TLS packet.
Successful exploitation may allow execution of arbitrary code.
2) A NULL-pointer dereference error in the processing of TLS packets containing multiple "Client Hello" messages can be exploited to crash an affected application.
3) A signedness error exists within the "_gnutls_ciphertext2compressed()" function in lib/gnutls_cipher.c. This can be exploited to cause an out of bounds read and crash an affected application via specially crafted, encrypted TLS data.
Updated Packages
================
Check if you have gnutls installed:
# pacman-g2 -Q gnutls
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy gnutls
Availability
============
The latest revision of this advisory is available at
http://frugalware.org/security/453
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iEYEARECAAYFAkg5XSEACgkQZ7NElSD1VhnUFwCfSvO32yT1zyt3OEh00HZubzVU
fYsAnjFljSStt1m0/hHNneWlLBrUdzqq
=+R1+
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list