SUSE-SU-2014:0800-1: important: Security update for GnuTLS

sle-updates at sle-updates at
Mon Jun 16 10:04:10 MDT 2014

   SUSE Security Update: Security update for GnuTLS

Announcement ID:    SUSE-SU-2014:0800-1
Rating:             important
References:         #554084 #670152 #802651 #880730 #880910 
Cross-References:   CVE-2013-1619 CVE-2014-3466 CVE-2014-3467
                    CVE-2014-3468 CVE-2014-3469
Affected Products:
                    SUSE CORE 9

   An update that fixes 5 vulnerabilities is now available.


   GnuTLS has been patched to ensure proper parsing of session ids during the
   TLS/SSL handshake. Additionally three issues inherited from libtasn1 have
   been fixed.

   Further information is available at

   These security issues have been fixed:

       * Possible memory corruption during connect (CVE-2014-3466)
       * Multiple boundary check issues could allow DoS (CVE-2014-3467)
       * asn1_get_bit_der() can return negative bit length (CVE-2014-3468)
       * Possible DoS by NULL pointer dereference (CVE-2014-3469)
       * Possible timing side-channel attack (Lucky 13) (CVE-2013-1619)

   One additional bug has been fixed:

       * Allow unsafe renegotiation (bnc#554084)

   Security Issue references:

       * CVE-2014-3466
       * CVE-2014-3467
       * CVE-2014-3468
       * CVE-2014-3469
       * CVE-2013-1619

Package List:

   - SUSE CORE 9 (i586 s390 s390x x86_64):



More information about the sle-updates mailing list