gnutls-1.4.1-16.0.1.AXS3
Errata ID: AXSA:2014-378:02
Release date:
Monday, June 9, 2014 - 18:39
Subject:
gnutls-1.4.1-16.0.1.AXS3
Affected Channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group.
Security issues fixed with this release:
• CVE-2014-3466
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
• CVE-2014-3467
• CVE-2014-3468
• CVE-2014-3469
No information available at the time of writing; please refer to the CVE links below.
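The CVE-2014-3466 description above comes down to a peer-controlled one-byte length being trusted when a session id is copied into a fixed-size buffer. The following is an added example, not GnuTLS source and not part of this advisory, of a ServerHello body parser that rejects an oversized or truncated session id; all names (parse_server_hello, check_sample, the struct and macros) are hypothetical, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_SESSION_ID_LEN 32   /* TLS: opaque SessionID<0..32> */
#define HELLO_FIXED_LEN    35   /* version(2) + random(32) + id length(1) */

struct server_hello {
    uint8_t version[2], random[32];
    uint8_t session_id[MAX_SESSION_ID_LEN];
    uint8_t session_id_len, cipher_suite[2], compression;
};

/* Parse a ServerHello body (the bytes after the 4-byte handshake header).
 * Returns 0 on success, -1 on malformed input. Hypothetical helper. */
int parse_server_hello(const uint8_t *data, size_t len, struct server_hello *out)
{
    size_t pos = 0;
    uint8_t id_len;
    if (data == NULL || out == NULL || len < HELLO_FIXED_LEN)
        return -1;
    memcpy(out->version, data + pos, 2);  pos += 2;
    memcpy(out->random, data + pos, 32);  pos += 32;
    id_len = data[pos++];
    /* The length byte is set by the peer and can be as large as 255:
     * reject anything bigger than the destination before copying. */
    if (id_len > MAX_SESSION_ID_LEN)
        return -1;
    /* The id, cipher suite (2) and compression (1) must all be present. */
    if (len - pos < (size_t)id_len + 3)
        return -1;
    memset(out->session_id, 0, sizeof(out->session_id));
    memcpy(out->session_id, data + pos, id_len);  pos += id_len;
    out->session_id_len = id_len;
    memcpy(out->cipher_suite, data + pos, 2);     pos += 2;
    out->compression = data[pos];
    return 0;
}

/* Constructed sample: a zeroed ServerHello body of total_len bytes that
 * claims a session id of id_len bytes. Returns the parser's verdict. */
int check_sample(uint8_t id_len, size_t total_len)
{
    uint8_t msg[512] = {0};
    struct server_hello sh;
    if (total_len > sizeof(msg)) return -1;
    msg[34] = id_len;               /* offset of the session id length byte */
    return parse_server_hello(msg, total_len, &sh);
}
```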
Solution:
Update packages.
CVEs:
CVE-2014-3466
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
CVE-2014-3468
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
CVE-2014-3469
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
Additional Info:
N/A
Download:
SRPMS
- gnutls-1.4.1-16.0.1.AXS3.src.rpm
MD5: 9cbd656a8708e8e7638971c8c72ee3c7
SHA-256: 1bde3b203d430766ebf5a31b838a2aa8283f95e459602d044064bfaf496c94ac
Size: 3.90 MB
Asianux Server 3 for x86
- gnutls-1.4.1-16.0.1.AXS3.i386.rpm
MD5: c96e74274c2461ad826319dd58e6fc53
SHA-256: 90f6b83e1d9dab86184ec18197ef7dd350a7ceff0ffbaa3e7e9161300b8cfd88
Size: 374.92 kB
- gnutls-devel-1.4.1-16.0.1.AXS3.i386.rpm
MD5: 83a67f5856f829380c908798e833d749
SHA-256: 5dd04ca0d2f7bbcb061010bf044cc0534b0c5eff46fb4d3f5fb6b7acca393388
Size: 918.00 kB
Asianux Server 3 for x86_64
- gnutls-1.4.1-16.0.1.AXS3.x86_64.rpm
MD5: 59e172efcd2898f96b58519ca73eef29
SHA-256: ce74373645bca4182070f0077e323679e115c6dc1e3d7d0db7336681b21f01f9
Size: 388.58 kB
- gnutls-devel-1.4.1-16.0.1.AXS3.x86_64.rpm
MD5: 0db85dbdc03b674134ff6671ed72a04a
SHA-256: 54dd76c604db7d6786553a50f75722e960727bdbf12420f1ef4b778289421514
Size: 937.72 kB