Red Hat Security Advisory 2014-0684-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. A NULL pointer dereference flaw was found in the way GnuTLS parsed X.509 certificates. A specially crafted certificate could cause a server or client application using GnuTLS to crash.
c3480dbeae965e50ea2596aee4b2db89bd2a3b4760517ee917313be96570a000