gnutls-1.4.1-16.0.1.AXS3
エラータID: AXSA:2014-378:02
リリース日:
2014/06/09 Monday - 18:39
題名:
gnutls-1.4.1-16.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- 現時点では CVE-2014-3466,CVE-2014-3467, CVE-2014-3468,CVE-2014-3469 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-3466
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
CVE-2014-3468
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
CVE-2014-3469
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
追加情報:
N/A
ダウンロード:
SRPMS
- gnutls-1.4.1-16.0.1.AXS3.src.rpm
MD5: 9cbd656a8708e8e7638971c8c72ee3c7
SHA-256: 1bde3b203d430766ebf5a31b838a2aa8283f95e459602d044064bfaf496c94ac
Size: 3.90 MB
Asianux Server 3 for x86
- gnutls-1.4.1-16.0.1.AXS3.i386.rpm
MD5: c96e74274c2461ad826319dd58e6fc53
SHA-256: 90f6b83e1d9dab86184ec18197ef7dd350a7ceff0ffbaa3e7e9161300b8cfd88
Size: 374.92 kB - gnutls-devel-1.4.1-16.0.1.AXS3.i386.rpm
MD5: 83a67f5856f829380c908798e833d749
SHA-256: 5dd04ca0d2f7bbcb061010bf044cc0534b0c5eff46fb4d3f5fb6b7acca393388
Size: 918.00 kB
Asianux Server 3 for x86_64
- gnutls-1.4.1-16.0.1.AXS3.x86_64.rpm
MD5: 59e172efcd2898f96b58519ca73eef29
SHA-256: ce74373645bca4182070f0077e323679e115c6dc1e3d7d0db7336681b21f01f9
Size: 388.58 kB - gnutls-devel-1.4.1-16.0.1.AXS3.x86_64.rpm
MD5: 0db85dbdc03b674134ff6671ed72a04a
SHA-256: 54dd76c604db7d6786553a50f75722e960727bdbf12420f1ef4b778289421514
Size: 937.72 kB