Описание
ELSA-2012-0429: gnutls security update (IMPORTANT)
[2.8.5-4.2]
- fix CVE-2012-1573 - security issue in packet parsing (#805432)
- fix CVE-2011-4128 - buffer overflow in gnutls_session_get_data() (#752308)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
gnutls
2.8.5-4.el6_2.2
gnutls-devel
2.8.5-4.el6_2.2
gnutls-guile
2.8.5-4.el6_2.2
gnutls-utils
2.8.5-4.el6_2.2
Oracle Linux i686
gnutls
2.8.5-4.el6_2.2
gnutls-devel
2.8.5-4.el6_2.2
gnutls-guile
2.8.5-4.el6_2.2
gnutls-utils
2.8.5-4.el6_2.2
Связанные CVE
Связанные уязвимости
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.