oss-sec mailing list archives
Re: CVE Request: gnutls/libdane buffer overflow
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 24 Oct 2013 18:28:17 -0600
On 10/24/2013 08:04 AM, Marcus Meissner wrote:
> Hi,
>
> GNUTLS just posted a security advisory which needs a CVE:
>
> http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
>
> GNUTLS-SA-2013-3 Denial of service
> This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that returns more than 4 DANE entries could corrupt the memory of a requesting client.
> Recommendation: Upgrade to the latest gnutls version (3.1.15 or 3.2.5)
>
> Commit for 3.1: https://gitorious.org/gnutls/gnutls/commit/916deedf41604270ac398314809e8377476433db
> Commit for 3.2: https://gitorious.org/gnutls/gnutls/commit/ed51e5e53cfbab3103d6b7b85b7ba4515e4f30c3
>
> Ciao, Marcus
Please use CVE-2013-4466 for this issue.

--
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
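The advisory quoted in the message above says a server returning more than 4 DANE entries could corrupt a client's memory. The following is an added example, not GnuTLS code and not taken from the linked commits: it shows the bounds check a client needs when it stores server-supplied TLSA records in a fixed array. It assumes a four-slot array (suggested by the advisory's threshold, not shown on this page), and every type and function name in it is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 4   /* assumed capacity, from the advisory's "more than 4" */
#define TLSA_HDR    3   /* usage, selector, matching type (RFC 6698) */

struct rdata { const unsigned char *p; size_t len; };   /* one raw answer record */
struct tlsa  { unsigned char usage, selector, match;
               const unsigned char *assoc; size_t assoc_len; };
struct tlsa_set { size_t count; struct tlsa e[MAX_ENTRIES]; };

/* Parse n server-supplied TLSA records into the fixed-size set.
 * Returns 0 on success, -1 if the answer has more records than the set can
 * hold, -2 if a record is too short to be a TLSA RDATA. Fails closed: on
 * error the set is emptied so a partial answer is never used. */
int tlsa_collect(struct tlsa_set *out, const struct rdata *ans, size_t n)
{
    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < n; i++) {
        int err = 0;
        if (out->count >= MAX_ENTRIES)      /* n is chosen by the server */
            err = -1;
        else if (ans[i].len <= TLSA_HDR)    /* header plus at least one data byte */
            err = -2;
        if (err) { memset(out, 0, sizeof *out); return err; }
        struct tlsa *t = &out->e[out->count++];
        t->usage = ans[i].p[0]; t->selector = ans[i].p[1]; t->match = ans[i].p[2];
        t->assoc = ans[i].p + TLSA_HDR;
        t->assoc_len = ans[i].len - TLSA_HDR;
    }
    return 0;
}

/* Constructed sample: the same record repeated k times, each len bytes long. */
int demo(size_t k, size_t len)
{
    static const unsigned char rec[] = { 3, 1, 1, 0xAB, 0xCD };
    struct rdata ans[8];
    struct tlsa_set set;
    for (size_t i = 0; i < k && i < 8; i++) { ans[i].p = rec; ans[i].len = len; }
    return tlsa_collect(&set, ans, k < 8 ? k : 8);
}

int main(void)
{
    printf("4 records -> %d, 5 records -> %d\n", demo(4, 5), demo(5, 5));
    return 0;
}
```

Rejecting the whole answer, rather than silently keeping the first four records, is a design choice of this example; it keeps the verifier from acting on a partial record set.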