Launchpad.net

CVE 2014-3466

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

Related bugs and status

CVE-2014-3466 (Candidate) is related to these bugs:

Bug #1326779: libgnutls28 appears to not have been updated for CVE-2014-3466 in Trusty

Summary				In	Importance	Status
	1326779	libgnutls28 appears to not have been updated for CVE-2014-3466 in Trusty		gnutls28 (Ubuntu)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.gnutls.org/...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://www.gitorious....
DEBIAN: DSA-2944
REDHAT: RHSA-2014:0594
CONFIRM: http://linux.oracle.co...
SUSE: openSUSE-SU-2014:0763
SUSE: openSUSE-SU-2014:0767
SECUNIA: 58340
SECUNIA: 58598
SECUNIA: 58601
SECUNIA: 58642
SECUNIA: 59016
CONFIRM: http://linux.oracle.co...
SECUNIA: 59057
SECUNIA: 59086
SECUNIA: 59021
REDHAT: RHSA-2014:0815
CONFIRM: http://www-01.ibm.com/...
SECUNIA: 59838
SECTRACK: 1030314
MISC: http://radare.today/te...
BID: 67741
CONFIRM: http://www-947.ibm.com...
CONFIRM: http://www.novell.com/...
CONFIRM: http://www.novell.com/...
SECUNIA: 60384
SECUNIA: 59408
REDHAT: RHSA-2014:0595
REDHAT: RHSA-2014:0684
SUSE: SUSE-SU-2014:0758
SUSE: SUSE-SU-2014:0788
UBUNTU: USN-2229-1