Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 20 May 2008 15:02:42 +0100 (BST)
From: Mark J Cox <mjc@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE ID request: GNUTLS

> Several issues have been announced in GNUTLS-SA-2008-1:

I've not been able to get hold of Steve Chrisey today to get names 
allocated, but many of us have updates queued.  So I've allocated from 
our CNA and will page Steve with the names to try to avoid any
duplicates when he returns.

> *** [GNUTLS-SA-2008-1-1]
> *** libgnutls: Fix crash when sending invalid server name.
> The crash can be triggered remotely before authentication, which can
> lead to a Daniel of Service attack to disable the server.  The bug
> cause gnutls to store more session resumption data than what was
> allocated for, thus overwriting unallocated memory.

CVE-2008-1948 GNUTLS-SA-2008-1-1

> *** [GNUTLS-SA-2008-1-2]
> *** libgnutls: Fix crash when sending repeated client hellos.
> The crash can be triggered remotely before authentication, which can
> lead to a Daniel of Service attack to disable the server.  The bug
> triggers a null-pointer dereference.

CVE-2008-1949 GNUTLS-SA-2008-1-2 (NULL deference)

> *** [GNUTLS-SA-2008-1-3]
> *** libgnutls: Fix crash in cipher padding decoding for invalid record
> *** lengths.
> The crash can be triggered remotely before authentication, which can
> lead to a Daniel of Service attack to disable the server.  The bug
> cause gnutls to read memory beyond the end of the received record.

CVE-2008-1950 GNUTLS-SA-2008-1-3 (read mem OOB)

Mark

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ