Mailinglist Archive: opensuse-security-announce (32 mails)

< Previous Next >
[security-announce] SUSE-SU-2014:0758-2: important: Security update for GnuTLS
SUSE Security Update: Security update for GnuTLS

Announcement ID: SUSE-SU-2014:0758-2
Rating: important
References: #880730 #880910
Cross-References: CVE-2014-3466
Affected Products:
SUSE Manager 1.7 for SLE 11 SP2

An update that solves one vulnerability and has one errata
is now available.


GnuTLS has been patched to ensure proper parsing of session ids during the
TLS/SSL handshake. Additionally three issues inherited from libtasn1 have
been fixed.

Further information is available at

These security issues have been fixed:

* Possible memory corruption during connect (CVE-2014-3466)
* Multiple boundary check issues could allow DoS (CVE-2014-3467)
* asn1_get_bit_der() can return negative bit length (CVE-2014-3468)
* Possible DoS by NULL pointer dereference (CVE-2014-3469)

Security Issue references:

* CVE-2014-3466

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager 1.7 for SLE 11 SP2:

zypper in -t patch sleman17sp2-gnutls-9319

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager 1.7 for SLE 11 SP2 (x86_64):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages