| Summary: | Update Request: Updated gnutls to fix CVE-2011-4128: Possible buffer overflow/Denial of service | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Funda Wang <fundawang> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.gnu.org/software/gnutls/security.html | ||
| Whiteboard: | |||
| Source RPM: | gnutls-2.10.5-2.1.mga1.src.rpm | CVE: | |
| Status comment: | |||
|
Description
Funda Wang
2011-12-12 04:47:55 CET
Testing complete on i586 for the srpm gnutls-2.10.5-2.1.mga1.src.rpm No POC for the vulnerability, so just confirming aria2c https://www.google.com/ works. CC:
(none) =>
davidwhodgins The following 3 packages are going to be installed: - gnutls-2.10.5-2.1.mga1.x86_64 - lib64gnutls-devel-2.10.5-2.1.mga1.x86_64 - lib64gnutls26-2.10.5-2.1.mga1.x86_64 $ aria2c https://www.google.com Status Legend: (OK):download completed. Testing complete x86_64. Advisory =============== A vulnerability has been discovered and corrected in gnutls: * The gnutls_session_get_data function in the GnuTLS library before 3.0.6 or before 2.12.13 on the 2.12.x branch could overflow a too-short buffer parameter allocated by the caller. The test to avoid the buffer overflow was not working correctly (CVE-2011-4128). The updated package has been patched to fix this issue, plus some other small fixes from upstream. =============== SRPM: gnutls-2.10.5-2.1.mga1.src.rpm Could sysadmin please push from core/updates_testing to core/updates Thankyou! Keywords:
(none) =>
validated_update Update pushed. Status:
NEW =>
RESOLVED |