Fedora has issued an advisory on October 27:
The issue is fixed upstream in 3.1.15 and 3.2.5.
Mageia 3 is also affected. Mageia 2 is not.
Updated packages uploaded for Mageia 3 and Cauldron.
Updated gnutls packages fix security vulnerability:
A DNS server that returns more than 4 DANE entries could corrupt the memory of a
requesting client using the DANE library from GnuTLS before 3.1.15 and 3.2.5.
This updates GnuTLS to version 3.1.16, fixing this issue and several other bugs.
Updated packages in core/updates_testing:
Just in case anyone wonders, I updated to 3.1.16 because it fixed a regression in the CVE-2013-4466 fix in 3.1.15. This regression itself was allocated CVE-2013-4487, which we don't need to add to our advisory, since we never issued an update for 3.1.15.
"gnutls-cli www.mageia.org" shows the handshake works. Then type anything and get a 400 error from the Mageia server, which shows the connection works.
Testing complete mga2 32 & 64
Could sysadmin please push from 3 core/updates_testing to updates?
advisory has_procedure => advisory has_procedure mga2-32-ok mga2-64-ok
oops mga3 above :D
advisory has_procedure mga2-32-ok mga2-64-ok => advisory has_procedure mga3-32-ok mga3-64-ok