Date: Thu, 24 Oct 2013 16:04:10 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: gnutls/libdane buffer overflow

Hi,

GNUTLS just posted a security advisory which needs a CVE:

http://www.gnutls.org/security.html#GNUTLS-SA-2013-3

GNUTLS-SA-2013-3
Denial of service

This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that returns more than 4 DANE entries could corrupt the memory of a requesting client.

Recommendation: Upgrade to the latest gnutls version (3.1.15 or 3.2.5)

Commit for 3.1:
https://gitorious.org/gnutls/gnutls/commit/916deedf41604270ac398314809e8377476433db

Commit for 3.2:
https://gitorious.org/gnutls/gnutls/commit/ed51e5e53cfbab3103d6b7b85b7ba4515e4f30c3

Ciao, Marcus