A vulnerability has been discovered and corrected in gnutls:
* The gnutls_session_get_data function in the GnuTLS library before 3.0.6 or before 2.12.13 on the 2.12.x branch could overflow a too-short buffer parameter allocated by the caller. The test to avoid the buffer overflow was not working correctly (CVE-2011-4128).
The updated package has been patched to fix this issue, plus some other small fixes from upstream.
Testing complete on i586 for the srpm gnutls-2.10.5-2.1.mga1.src.rpm.
No PoC for the vulnerability, so just confirming aria2c https://www.google.com/ works.
CC: (none) => davidwhodgins
The following 3 packages are going to be installed:
- gnutls-2.10.5-2.1.mga1.x86_64
- lib64gnutls-devel-2.10.5-2.1.mga1.x86_64
- lib64gnutls26-2.10.5-2.1.mga1.x86_64
$ aria2c https://www.google.com
Status Legend:
(OK):download completed.
Testing complete x86_64.
Advisory
===============
A vulnerability has been discovered and corrected in gnutls:
* The gnutls_session_get_data function in the GnuTLS library before 3.0.6 or before 2.12.13 on the 2.12.x branch could overflow a too-short buffer parameter allocated by the caller. The test to avoid the buffer overflow was not working correctly (CVE-2011-4128).
The updated package has been patched to fix this issue, plus some other small fixes from upstream.
===============
SRPM: gnutls-2.10.5-2.1.mga1.src.rpm
Could sysadmin please push from core/updates_testing to core/updates?
Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed.
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED