MDVSA-2014:109 -- Mandriva gnutlsID: oval:org.secpod.oval:def:1300315 | Date: (C)2014-07-24 (M)2024-02-19 |
Class: PATCH | Family: unix |
Updated gnutls packages fix security vulnerability: A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code .
Platform: |
Mandriva Enterprise Server 5.2 |