CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
94.4%
CentOS Errata and Security Advisory CESA-2008:0492
The GnuTLS Library provides support for cryptographic algorithms and
protocols such as TLS. GnuTLS includes libtasn1, a library developed for
ASN.1 structures management that includes DER encoding and decoding.
Flaws were found in the way GnuTLS handles malicious client connections. A
malicious remote client could send a specially crafted request to a service
using GnuTLS that could cause the service to crash. (CVE-2008-1948,
CVE-2008-1949, CVE-2008-1950)
We believe it is possible to leverage the flaw CVE-2008-1948 to execute
arbitrary code but have been unable to prove this at the time of releasing
this advisory. Red Hat Enterprise Linux 4 does not ship with any
applications directly affected by this flaw. Third-party software which
runs on Red Hat Enterprise Linux 4 could, however, be affected by this
vulnerability. Consequently, we have assigned it important severity.
Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch that corrects these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-May/077089.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077090.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077097.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077099.html
Affected packages:
gnutls
gnutls-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0492
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | gnutls | <Β 1.0.20-4.el4_6 | gnutls-1.0.20-4.el4_6.i386.rpm |
CentOS | 4 | i386 | gnutls-devel | <Β 1.0.20-4.el4_6 | gnutls-devel-1.0.20-4.el4_6.i386.rpm |
CentOS | 4 | i386 | gnutls | <Β 1.0.20-4.el4_6 | gnutls-1.0.20-4.el4_6.i386.rpm |
CentOS | 4 | x86_64 | gnutls | <Β 1.0.20-4.el4_6 | gnutls-1.0.20-4.el4_6.x86_64.rpm |
CentOS | 4 | x86_64 | gnutls-devel | <Β 1.0.20-4.el4_6 | gnutls-devel-1.0.20-4.el4_6.x86_64.rpm |
CentOS | 4 | ia64 | gnutls | <Β 1.0.20-4.c4 | gnutls-1.0.20-4.c4.ia64.rpm |
CentOS | 4 | ia64 | gnutls-devel | <Β 1.0.20-4.c4 | gnutls-devel-1.0.20-4.c4.ia64.rpm |
CentOS | 4 | s390 | gnutls | <Β 1.0.20-4.c4 | gnutls-1.0.20-4.c4.s390.rpm |
CentOS | 4 | s390 | gnutls-devel | <Β 1.0.20-4.c4 | gnutls-devel-1.0.20-4.c4.s390.rpm |
CentOS | 4 | s390x | gnutls | <Β 1.0.20-4.c4 | gnutls-1.0.20-4.c4.s390x.rpm |