[security-announce] SUSE-SU-2014:0788-2: important: Security update for GnuTLS

SUSE Security Update: Security update for GnuTLS ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0788-2 Rating: important References: #880730 #880910 Cross-References: CVE-2014-3466 CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally three issues inherited from libtasn1 have been fixed. Further information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3 <http://www.gnutls.org/security.html#GNUTLS-SA-2014-3> These security issues have been fixed: * Possible memory corruption during connect (CVE-2014-3466) * Multiple boundary check issues could allow DoS (CVE-2014-3467) * asn1_get_bit_der() can return negative bit length (CVE-2014-3468) * Possible DoS by NULL pointer dereference (CVE-2014-3469) Security Issue references: * CVE-2014-3466 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466> Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): gnutls-1.2.10-13.40.1 gnutls-devel-1.2.10-13.40.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): gnutls-32bit-1.2.10-13.40.1 gnutls-devel-32bit-1.2.10-13.40.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): gnutls-1.2.10-13.40.1 gnutls-devel-1.2.10-13.40.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): gnutls-32bit-1.2.10-13.40.1 gnutls-devel-32bit-1.2.10-13.40.1 References: http://support.novell.com/security/cve/CVE-2014-3466.html http://support.novell.com/security/cve/CVE-2014-3467.html http://support.novell.com/security/cve/CVE-2014-3468.html http://support.novell.com/security/cve/CVE-2014-3469.html https://bugzilla.novell.com/880730 https://bugzilla.novell.com/880910 http://download.suse.com/patch/finder/?keywords=3a664138948d527c37403de9fef2... http://download.suse.com/patch/finder/?keywords=ce2995d7d37c598d89a8e91d407b... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org