[<prev] [next>] [<thread-prev] [month] [year] [list]
Date: Tue, 20 May 2008 15:02:42 +0100 (BST)
From: Mark J Cox <mjc@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE ID request: GNUTLS
> Several issues have been announced in GNUTLS-SA-2008-1:
I've not been able to get hold of Steve Chrisey today to get names
allocated, but many of us have updates queued. So I've allocated from
our CNA and will page Steve with the names to try to avoid any
duplicates when he returns.
> *** [GNUTLS-SA-2008-1-1]
> *** libgnutls: Fix crash when sending invalid server name.
> The crash can be triggered remotely before authentication, which can
> lead to a Daniel of Service attack to disable the server. The bug
> cause gnutls to store more session resumption data than what was
> allocated for, thus overwriting unallocated memory.
CVE-2008-1948 GNUTLS-SA-2008-1-1
> *** [GNUTLS-SA-2008-1-2]
> *** libgnutls: Fix crash when sending repeated client hellos.
> The crash can be triggered remotely before authentication, which can
> lead to a Daniel of Service attack to disable the server. The bug
> triggers a null-pointer dereference.
CVE-2008-1949 GNUTLS-SA-2008-1-2 (NULL deference)
> *** [GNUTLS-SA-2008-1-3]
> *** libgnutls: Fix crash in cipher padding decoding for invalid record
> *** lengths.
> The crash can be triggered remotely before authentication, which can
> lead to a Daniel of Service attack to disable the server. The bug
> cause gnutls to read memory beyond the end of the received record.
CVE-2008-1950 GNUTLS-SA-2008-1-3 (read mem OOB)
Mark
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux