Red.Hat.Update.for.gnutls.RHSA-2014-0595

description-logoDescription

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS).
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. (CVE-2014-3466)

affected-products-logoAffected Products

Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)

Impact logoImpact

This vulnerability could allow an attacker to gain unauthorized access to sensitive information, or cause a denial of service condition on a vulnerable system.

recomended-action-logoRecommended Actions

Please download and apply patches as instructed in http://rhn.redhat.com/errata/RHSA-2014-0595.html.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)