Updated gnutls package fixes security vulnerability
Publication date: 30 Nov 2013Modification date: 30 Nov 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4466
Description
A DNS server that returns more 4 DANE entries could corrupt the memory of
a requesting client using the DANE library from GnuTLS before 3.1.15 and
3.2.5 (CVE-2013-4466).
This updates GnuTLS to version 3.1.16, fixing this issue and several other bugs
References
- https://bugs.mageia.org/show_bug.cgi?id=11561
- http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
- http://lists.gnutls.org/pipermail/gnutls-help/2013-August/003216.html
- http://lists.gnutls.org/pipermail/gnutls-help/2013-October/003250.html
- http://lists.gnutls.org/pipermail/gnutls-help/2013-October/003262.html
- https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119788.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4466
SRPMS
3/core
- gnutls-3.1.16-1.mga3