[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2014-1846 -- Oracle gnutls

ID: oval:org.secpod.oval:def:1500874Date: (C)2015-01-02   (M)2022-10-10
Class: PATCHFamily: unix




Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. Description The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC certificates or certificate signing requests . A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS , could cause that application to crash or execute arbitrary code with the permissions of the user running the application. Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Sean Burford as the original reporter. All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS or libtasn1 library must be restarted.

Platform:
Oracle Linux 7
Product:
gnutls
Reference:
ELSA-2014-1846
CVE-2014-8564
CVE    1
CVE-2014-8564
CPE    87
cpe:/a:gnu:gnutls:3.0.1
cpe:/a:gnu:gnutls:3.0.0
cpe:/a:gnu:gnutls:3.0.3
cpe:/a:gnu:gnutls:3.2.1
...

© SecPod Technologies