Lucene search

Gentoo FoundationMGASA-2013-0354

HistoryDec 01, 2013 - 1:17 a.m.

Updated gnutls package fixes security vulnerability

2013-12-0101:17:13

Gentoo Foundation

advisories.mageia.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

68.2%

JSON

A DNS server that returns more 4 DANE entries could corrupt the memory of a requesting client using the DANE library from GnuTLS before 3.1.15 and 3.2.5 (CVE-2013-4466). This updates GnuTLS to version 3.1.16, fixing this issue and several other bugs

OSVersionArchitecturePackageVersionFilename
Mageia3noarchgnutls< 3.1.16-1gnutls-3.1.16-1.mga3

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	gnutls	< 3.1.16-1	gnutls-3.1.16-1.mga3

References

lists.gnutls.org/pipermail/gnutls-help/2013-August/003216.html

lists.gnutls.org/pipermail/gnutls-help/2013-October/003250.html

lists.gnutls.org/pipermail/gnutls-help/2013-October/003262.html

www.gnutls.org/security.html#GNUTLS-SA-2013-3

bugs.mageia.org/show_bug.cgi?id=11561

lists.fedoraproject.org/pipermail/package-announce/2013-October/119788.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for MGASA-2013-0354