gnutls

• Vulnerable: 2.2.0-1
• Unaffected: 2.2.5-1kalgan1

Some vulnerabilities have been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.

1. A boundary error exists in the processing “Client Hello” messages containing a “Server Name” extension. This can be exploited to cause a heap-based buffer overflow via a specially crafted TLS packet. Successful exploitation may allow execution of arbitrary code.
2. A NULL-pointer dereference error in the processing of TLS packets containing multiple “Client Hello” messages can be exploited to crash an affected application.
3. A signedness error exists within the “_gnutls_ciphertext2compressed()” function in lib/gnutls_cipher.c. This can be exploited to cause an out of bounds read and crash an affected application via specially crafted, encrypted TLS data.

• Bug Tracker URL: http://bugs.frugalware.org/task/3100

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950