Red.Hat.Update.for.gnutls.RHSA-2014-0595
Description
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS).
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. (CVE-2014-3466)
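The flaw described above comes down to trusting the session id length that the server sends. As an added example (not GnuTLS code and not part of the advisory), this C parser rejects a ServerHello whose session id exceeds the 32-byte limit in the TLS specification before any copy takes place; the struct, the function names and the zero-filled sample bodies are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 5246 defines ServerHello.session_id as opaque<0..32>. */
#define MAX_SESSION_ID_LEN 32
#define RANDOM_LEN 32
enum { SH_OK = 0, SH_TRUNCATED = -1, SH_SESSION_ID_TOO_LONG = -2 };

struct server_hello {                     /* hypothetical struct for this example */
    uint8_t  session_id[MAX_SESSION_ID_LEN];
    uint8_t  session_id_len;
    uint16_t cipher_suite;
};

/* Parse a ServerHello body (the bytes after the 4-byte handshake header). */
int parse_server_hello(const uint8_t *buf, size_t len, struct server_hello *out)
{
    size_t pos = 2 + RANDOM_LEN;          /* skip server_version and random */
    if (len < pos + 1)
        return SH_TRUNCATED;
    uint8_t sid_len = buf[pos++];
    /* Reject the peer-supplied length before it is used as a copy size. */
    if (sid_len > MAX_SESSION_ID_LEN)
        return SH_SESSION_ID_TOO_LONG;
    /* The id, cipher suite (2 bytes) and compression method (1) must fit. */
    if (len - pos < (size_t)sid_len + 3)
        return SH_TRUNCATED;
    memcpy(out->session_id, buf + pos, sid_len);
    out->session_id_len = sid_len;
    out->cipher_suite = (uint16_t)((buf[pos + sid_len] << 8) | buf[pos + sid_len + 1]);
    return SH_OK;
}

/* Constructed sample: zero-filled body that claims sid_len session id bytes. */
int check_sample(uint8_t sid_len, size_t body_len)
{
    uint8_t body[2 + RANDOM_LEN + 1 + 255 + 3] = {0};
    struct server_hello sh;
    body[2 + RANDOM_LEN] = sid_len;
    return parse_server_hello(body, body_len, &sh);
}

int main(void)
{
    printf("32-byte id: %d\n", check_sample(32, 70));
    printf("33-byte id: %d\n", check_sample(33, 71));
    return 0;
}
```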
Affected Products
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
Impact
This vulnerability could allow an attacker to gain unauthorized access to sensitive information, or cause a denial of service condition on a vulnerable system.
Recommended Actions
Please download and apply patches as instructed in http://rhn.redhat.com/errata/RHSA-2014-0595.html.
Coverage
IPS (Regular DB)
IPS (Extended DB)