Mandriva Update For Gnutls MDVSA-2012:045 (gnutls) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in GnuTLS: Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket (CVE-2011-4128). The updated packages have been patched to correct this issue.

Affected

gnutls on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2011-4128

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:107 (acpid)
Mandrake Security Advisory MDVSA-2009:124-1 (apache)
Mandrake Security Advisory MDVSA-2009:193 (ruby)
Mandrake Security Advisory MDVSA-2009:102 (apache)
Mandrake Security Advisory MDVSA-2009:117 (ntp)

Mandriva Update for gnutls MDVSA-2012:045 (gnutls)

Take action and discover your vulnerabilities