New GnuTLS buffer overflow

by
in security on (#3A5)
Another week, another buffer overflow in a crypto library! This time, GnuTLS is the culprit as it misses the length checks for the session ID in the ServerHello message. Because most server applications choose OpenSSL over GnuTLS, the list of affected packages is actually rather small - but make sure your systems are up to date regardless.

History

2014-06-04 03:37
New GnuTLS buffer overflow
bryan@pipedot.org
Another week, another buffer overflow in a crypto library! This time, GnuTLS is the culprit as it misses the length checks for the session ID in the ServerHello message. Because most server applications choose OpenSSL over GnuTLS, the list of affected packages is actually rather small - but make sure your systems are up to date regardless.
Reply 0 comments