Description
Security update for gnutls
gnutls was updated to fix several security vulnerabilities.
- fix double free in certificate DN decoding (GNUTLS-SA-2015-3) (bsc#941794, CVE-2015-6251)
- fix invalid read in octet string in bundled libtasn1 (bsc#929414, CVE-2015-3622)
- fix ServerKeyExchange signature issue (GNUTLS-SA-2015-2) (bsc#929690)
Package list
SUSE Linux Enterprise Desktop 12
gnutls-3.2.15-11.1
libgnutls28-3.2.15-11.1
libgnutls28-32bit-3.2.15-11.1
SUSE Linux Enterprise Server 12
gnutls-3.2.15-11.1
libgnutls-openssl27-3.2.15-11.1
libgnutls28-3.2.15-11.1
libgnutls28-32bit-3.2.15-11.1
SUSE Linux Enterprise Server for SAP Applications 12
gnutls-3.2.15-11.1
libgnutls-openssl27-3.2.15-11.1
libgnutls28-3.2.15-11.1
libgnutls28-32bit-3.2.15-11.1
SUSE Linux Enterprise Software Development Kit 12
libgnutls-devel-3.2.15-11.1
libgnutls-openssl-devel-3.2.15-11.1
libgnutlsxx-devel-3.2.15-11.1
libgnutlsxx28-3.2.15-11.1
References
- Link for SUSE-SU-2015:1518-1
- E-Mail link for SUSE-SU-2015:1518-1
- SUSE Security Ratings
- SUSE Bug 929414
- SUSE Bug 929690
- SUSE Bug 941794
- SUSE CVE CVE-2015-3622 page
- SUSE CVE CVE-2015-6251 page
Description
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
Affected products
SUSE Linux Enterprise Desktop 12:gnutls-3.2.15-11.1
SUSE Linux Enterprise Desktop 12:libgnutls28-3.2.15-11.1
SUSE Linux Enterprise Desktop 12:libgnutls28-32bit-3.2.15-11.1
SUSE Linux Enterprise Server 12:gnutls-3.2.15-11.1
References
- CVE-2015-3622
- SUSE Bug 929414
Description
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
Affected products
SUSE Linux Enterprise Desktop 12:gnutls-3.2.15-11.1
SUSE Linux Enterprise Desktop 12:libgnutls28-3.2.15-11.1
SUSE Linux Enterprise Desktop 12:libgnutls28-32bit-3.2.15-11.1
SUSE Linux Enterprise Server 12:gnutls-3.2.15-11.1
References
- CVE-2015-6251
- SUSE Bug 941794