The GnuTLS Library provides support for cryptographic algorithms and
protocols such as TLS. GnuTLS includes libtasn1, a library developed for
ASN.1 structures management that includes DER encoding and decoding.
Flaws were found in the way GnuTLS handles malicious client connections. A
malicious remote client could send a specially crafted request to a service
using GnuTLS that could cause the service to crash. (CVE-2008-1948,
CVE-2008-1949, CVE-2008-1950)
We believe it is possible to leverage the flaw CVE-2008-1948 to execute
arbitrary code but have been unable to prove this at the time of releasing
this advisory. Red Hat Enterprise Linux 4 does not ship with any
applications directly affected by this flaw. Third-party software which
runs on Red Hat Enterprise Linux 4 could, however, be affected by this
vulnerability. Consequently, we have assigned it important severity.
Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch that corrects these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | ppc | gnutls-devel | <Β 1.0.20-4.el4_6 | gnutls-devel-1.0.20-4.el4_6.ppc.rpm |
RedHat | 4 | ppc | gnutls | <Β 1.0.20-4.el4_6 | gnutls-1.0.20-4.el4_6.ppc.rpm |
RedHat | 4 | s390 | gnutls-devel | <Β 1.0.20-4.el4_6 | gnutls-devel-1.0.20-4.el4_6.s390.rpm |
RedHat | 4 | s390x | gnutls-devel | <Β 1.0.20-4.el4_6 | gnutls-devel-1.0.20-4.el4_6.s390x.rpm |
RedHat | 4 | x86_64 | gnutls | <Β 1.0.20-4.el4_6 | gnutls-1.0.20-4.el4_6.x86_64.rpm |
RedHat | 4 | ia64 | gnutls | <Β 1.0.20-4.el4_6 | gnutls-1.0.20-4.el4_6.ia64.rpm |
RedHat | 4 | s390 | gnutls | <Β 1.0.20-4.el4_6 | gnutls-1.0.20-4.el4_6.s390.rpm |
RedHat | 4 | s390x | gnutls | <Β 1.0.20-4.el4_6 | gnutls-1.0.20-4.el4_6.s390x.rpm |
RedHat | 4 | ia64 | gnutls-devel | <Β 1.0.20-4.el4_6 | gnutls-devel-1.0.20-4.el4_6.ia64.rpm |
RedHat | 4 | i386 | gnutls-devel | <Β 1.0.20-4.el4_6 | gnutls-devel-1.0.20-4.el4_6.i386.rpm |