SUSE-SU-2015:0675-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0675-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2015:0675-1
- Related
- Published
- 2014-06-03T20:02:07Z
- Modified
- 2014-06-03T20:02:07Z
- Summary
- Security update for gnutls
- Details
-
GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed.
Further information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3 http://www.gnutls.org/security.html#GNUTLS-SA-2014-3
These security issues have been fixed:
* Possible memory corruption during connect (CVE-2014-3466) * Multiple boundary check issues could allow DoS (CVE-2014-3467) * asn1_get_bit_der() can return negative bit length (CVE-2014-3468) * Possible DoS by NULL pointer dereference (CVE-2014-3469)Security Issue references:
* CVE-2014-3466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466> - References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20150675-1/
- https://bugzilla.suse.com/821818
- https://bugzilla.suse.com/835760
- https://bugzilla.suse.com/865804
- https://bugzilla.suse.com/865993
- https://bugzilla.suse.com/880730
- https://bugzilla.suse.com/880910
- https://bugzilla.suse.com/919938
- https://bugzilla.suse.com/921684
- https://www.suse.com/security/cve/CVE-2009-5138
- https://www.suse.com/security/cve/CVE-2013-2116
- https://www.suse.com/security/cve/CVE-2014-0092
- https://www.suse.com/security/cve/CVE-2014-3466
- https://www.suse.com/security/cve/CVE-2014-8155
- https://www.suse.com/security/cve/CVE-2015-0282
- https://www.suse.com/security/cve/CVE-2015-0294