The following vulnerabilities have been identified:
A pre-authentication heap overflow involving oversized session
resumption data may lead to arbitrary code execution (CVE-2008-1948).
Repeated client hellos may result in a pre-authentication denial of
service condition due to a null pointer dereference (CVE-2008-1949).
Decoding cipher padding with an invalid record length may cause GNUTLS
to read memory beyond the end of the received record, leading to a
pre-authentication denial of service condition (CVE-2008-1950).
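The third issue above is a record-length check missing before padding bytes are read. The function below is an added illustration of the defensive check, written for this page; it is not GnuTLS code and makes no claim about how GnuTLS itself decodes padding. It assumes a decrypted TLS block-cipher record whose last byte is the pad length and whose padding bytes each carry that same value, with the MAC already removed (both stated here as assumptions), and it refuses any record whose claimed padding does not fit inside the bytes actually received.

```c
/* Added example: bounds-checked TLS CBC padding removal.
 * Constructed for this advisory page; not GnuTLS source. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns the plaintext length after padding removal, or -1 if the
 * record is malformed.  `len` is the decrypted record length with the
 * MAC already stripped (assumption for this example). */
int strip_cbc_padding(const uint8_t *rec, size_t len)
{
    if (rec == NULL || len == 0)
        return -1;                        /* nothing to decode */

    size_t pad = rec[len - 1];            /* last byte = pad length */

    /* The pad bytes plus the pad-length byte must lie inside the
     * record.  Without this test an oversized pad value would index
     * outside the received buffer in the loop below. */
    if (pad + 1 > len)
        return -1;

    /* Every pad byte must equal the pad length; accumulate mismatches
     * rather than branching early so all pad bytes are always visited. */
    uint8_t bad = 0;
    for (size_t i = 0; i < pad; i++)
        bad |= rec[len - 2 - i] ^ (uint8_t)pad;
    if (bad)
        return -1;

    return (int)(len - pad - 1);
}

/* Constructed record: "hello" + two pad bytes of 0x02 + pad length 0x02. */
int demo_valid_record(void)
{
    const uint8_t rec[] = {'h', 'e', 'l', 'l', 'o', 0x02, 0x02, 0x02};
    return strip_cbc_padding(rec, sizeof rec);      /* 5 */
}

/* Constructed record: 3 bytes, but the pad-length byte claims 127. */
int demo_oversized_pad(void)
{
    const uint8_t rec[] = {0x01, 0x02, 0x7f};
    return strip_cbc_padding(rec, sizeof rec);      /* -1 */
}

/* Constructed record: pad length 2 fits, but a pad byte is 0x03, not 0x02. */
int demo_inconsistent_pad(void)
{
    const uint8_t rec[] = {'a', 0x03, 0x02};
    return strip_cbc_padding(rec, sizeof rec);      /* -1 */
}

int main(void)
{
    printf("valid record        -> %d\n", demo_valid_record());
    printf("oversized pad       -> %d\n", demo_oversized_pad());
    printf("inconsistent pad    -> %d\n", demo_inconsistent_pad());
    return 0;
}
```

The length test runs before any pad byte is touched, so a record too short for its claimed padding is rejected without reading outside it; the second and third demo functions show the two ways a record can fail.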
For the stable distribution (etch), these problems have been fixed in
version 1.4.4-3+etch1. (Builds for the arm architecture are currently
not available and will be released later.)
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your GNUTLS packages.
Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you a...