Updated gnutls package fix security vulnerability
Publication date: 15 Nov 2014Modification date: 15 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-8564
Description
An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application (CVE-2014-8564).
References
SRPMS
3/core
- gnutls-3.1.16-1.4.mga3
4/core
- gnutls-3.2.7-1.4.mga4