Story 2014-06-04 3ND New GnuTLS buffer overflow

New GnuTLS buffer overflow

in security on (#3ND)
story imageAnother week, another buffer overflow in a crypto library! This time, GnuTLS is the culprit as it misses the length checks for the session ID in the ServerHello message. Because most server applications choose OpenSSL over GnuTLS, the list of affected packages is actually rather small - but make sure your systems are up to date regardless.
Reply 4 comments

Packages (Score: 3, Informative)

by on 2014-06-04 22:05 (#20R)

Exim (mail server) and CUPS (print server) are on the list.

Re: Packages (Score: 1)

by on 2014-06-05 15:58 (#20W)

Thanks for that. The list of affected packages is small, the list of affected systems...quite something else really.

the pharmer in the Dell (Score: 0)

by Anonymous Coward on 2014-06-04 23:07 (#20S)

rubbing one off for freedom

That's the problem with... (Score: 1)

by on 2014-06-05 21:16 (#20Y)

... upgrading

ii libgnutls26 2.8.6-1+squeeze3 the GNU TLS library - runtime library