Debian Security Advisory 3334-1

Debian Security Advisory 3334-1: Posted Aug 12, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3334-1 - Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause the application to crash resulting in a denial of service.; tags | advisory, remote, denial of service; systems | linux, debian; SHA-256 | 5d813d575e9bf5135e8fef0639708202974c1db43743e556ddf90160df0688eb; Download | Favorite | View

Debian Security Advisory 3334-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3334-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 12, 2015                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gnutls28
CVE ID         : not yet available
Debian Bug     : 795068

Kurt Roeckx discovered that decoding a specific certificate with very
long DistinguishedName (DN) entries leads to double free. A remote
attacker can take advantage of this flaw by creating a specially crafted
certificate that, when processed by an application compiled against
GnuTLS, could cause the application to crash resulting in a denial of
service.

For the stable distribution (jessie), this problem has been fixed in
version 3.3.8-6+deb8u2.

For the unstable distribution (sid), this problem has been fixed in
version 3.3.17-1.

We recommend that you upgrade your gnutls28 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVy101AAoJEAVMuPMTQ89EfH4P/iSOwPmzlrfUTCdHJigU3YCs
yhabtdQ8NMihsrDWr6TftoK8WrY2vSOb3wKY/mTxqCd0B95nObilsTnSMknJYkuw
tADoaNgaStgIR7dv7WxAt9+2h4DvagPRwRLT3Dswxuf/z3Q8TS2FAe1zK9XYbSm/
swFTIYyLSw2YRGm8LqwD2AN634byvwDpTXqe5RGPIJjVQTx3MfF5wpCeU1zlH3LZ
BO9DrGFg8ffGWQ/TYateHmnICjuiW0fTWZeuzgjTgAfEI8gG1YVpcknTQxEU6UBa
6XSb8Tz3OseCb1bf4zzP0T4rQH81tdIA2ttFRNHOWFS3Skn42QQD2nWIAWObpZ7n
H/rWdOgZRDoe4M8MsBStDcwn4OHG/whRuF862Cj2sYo9kinc7kKVDmdjNQ/c/lB6
Cq7gR0Kih9epND6t7M9P38Ibq+dG3c2M72IqQIEL8jqw4XEfDKyK0vI7kJM812yd
9FUaQUPoGKscPMX25Q76ClE8Q8U1aJXmtSzBqY2np3ml0QSyRlNJ2NNLZ0+Z9xmI
xeked1VIvQnkE5GFauXx6HOxPqMz3BQ+Qdevf0SNWysUcvc4vMgjn1Mo3z6ukUjY
hcpc7DDi9HsEYQjrCKQpQdX9k4kawOXJI8KmECRKEujk7oFTsM3WAiHoEGYnDwxs
FDDj1OJMUvgD49ihbaoO
=j1MK
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 240 files
indoushka 173 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,209)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,823)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,848)
UNIX (9,455)
UnixWare (188)
Windows (6,772)
Other

Debian Security Advisory 3334-1

Debian Security Advisory 3334-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3334-1

Share This

Debian Security Advisory 3334-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems