SUSE-SU-2014:0758-2: important: Security update for GnuTLS

sle-updates at sle-updates at
Thu Jun 12 18:04:33 MDT 2014

   SUSE Security Update: Security update for GnuTLS

Announcement ID:    SUSE-SU-2014:0758-2
Rating:             important
References:         #880730 #880910 
Cross-References:   CVE-2014-3466
Affected Products:
                    SUSE Manager 1.7 for SLE 11 SP2

   An update that solves one vulnerability and has one errata
   is now available.


   GnuTLS has been patched to ensure proper parsing of session ids during the
   TLS/SSL handshake. Additionally three issues inherited from libtasn1 have
   been fixed.

   Further information is available at

   These security issues have been fixed:

       * Possible memory corruption during connect (CVE-2014-3466)
       * Multiple boundary check issues could allow DoS (CVE-2014-3467)
       * asn1_get_bit_der() can return negative bit length (CVE-2014-3468)
       * Possible DoS by NULL pointer dereference (CVE-2014-3469)

   Security Issue references:

       * CVE-2014-3466

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-gnutls-9319

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager 1.7 for SLE 11 SP2 (x86_64):



More information about the sle-updates mailing list