Advisories » MGASA-2014-0458

Updated gnutls package fix security vulnerability

Publication date: 15 Nov 2014
Modification date: 15 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-8564

Description

An out-of-bounds memory write flaw was found in the way GnuTLS parsed
certain ECC (Elliptic Curve Cryptography) certificates or certificate
signing requests (CSR). A malicious user could create a specially crafted
ECC certificate or a certificate signing request that, when processed by an
application compiled against GnuTLS (for example, certtool), could cause
that application to crash or execute arbitrary code with the permissions of
the user running the application (CVE-2014-8564).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14527
• http://www.gnutls.org/security.html#GNUTLS-SA-2014-5
• https://rhn.redhat.com/errata/RHSA-2014-1846.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8564

SRPMS

3/core

• gnutls-3.1.16-1.4.mga3

4/core

• gnutls-3.2.7-1.4.mga4