Bugzilla – Bug 847484
VUL-1: CVE-2013-4466: gnutls: gnutls 3.1.x and 3.2.x overflow in libdane
Last modified: 2013-10-29 09:44:21 UTC
via GNUTLS advisory http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
GNUTLS-SA-2013-3: Denial of service
This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that returns more than 4 DANE entries could corrupt the memory of a requesting client.
Recommendation: Upgrade to the latest gnutls version (3.1.15 or 3.2.5)
Commit for 3.1: https://gitorious.org/gnutls/gnutls/commit/916deedf41604270ac398314809e8377476433db
Commit for 3.2: https://gitorious.org/gnutls/gnutls/commit/ed51e5e53cfbab3103d6b7b85b7ba4515e4f30c3
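An added illustration, not GnuTLS code and not part of the advisory or this bug report: a bounded collector for server-supplied TLSA records, showing the capacity check whose absence gives the kind of overflow the advisory describes. The struct layout, all names and the 4-slot capacity are assumptions; the three-byte record header follows RFC 6698.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_ENTRIES 4   /* assumed capacity, from the advisory's "more than 4" */

enum { Q_OK = 0, Q_TOO_MANY = -1, Q_MALFORMED = -2 };

struct tlsa_entry {
    uint8_t usage, selector, mtype;   /* RFC 6698 fixed header fields */
    const uint8_t *data;              /* certificate association data */
    size_t data_len;
};

struct tlsa_query {                   /* hypothetical fixed-size result table */
    struct tlsa_entry entries[MAX_ENTRIES];
    unsigned count;
};

/* rdata[]/rdlen[] hold the n records the resolver returned; both the
 * count and the contents are controlled by the answering server. */
int collect_tlsa(struct tlsa_query *q, const uint8_t *const *rdata,
                 const size_t *rdlen, size_t n)
{
    q->count = 0;
    for (size_t i = 0; i < n; i++) {
        /* Without this check, record 5 is written past entries[]. */
        if (q->count >= MAX_ENTRIES)
            return Q_TOO_MANY;
        /* Three header bytes plus at least one byte of association data. */
        if (rdata[i] == NULL || rdlen[i] < 4)
            return Q_MALFORMED;
        struct tlsa_entry *e = &q->entries[q->count++];
        e->usage = rdata[i][0];
        e->selector = rdata[i][1];
        e->mtype = rdata[i][2];
        e->data = rdata[i] + 3;
        e->data_len = rdlen[i] - 3;
    }
    return Q_OK;
}

/* Feeds n copies (at most 8) of one constructed record through the
 * collector; returns the stored count on success, else the error code. */
int demo(size_t n)
{
    static const uint8_t rec[] = { 3, 1, 1, 0xde, 0xad, 0xbe, 0xef };
    const uint8_t *rdata[8];
    size_t rdlen[8];
    struct tlsa_query q;
    if (n > 8) n = 8;
    for (size_t i = 0; i < n; i++) { rdata[i] = rec; rdlen[i] = sizeof rec; }
    int rc = collect_tlsa(&q, rdata, rdlen, n);
    return rc == Q_OK ? (int)q.count : rc;
}
```
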
Only openSUSE 13.1 and Factory have 3.1.x or 3.2.x; older releases have 3.0 and older.
bugbot adjusting priority
CVE-2013-4466
(In reply to comment #1)
> Only openSUSE 13.1 and Factory have 3.1.x or 3.2.x; older releases have 3.0 and older.
>
Submitted requests to openSUSE 13.1 and Factory already. Submit request ids: 204769, 204770
This is an autogenerated message for OBS integration: This bug (847484) was mentioned in https://build.opensuse.org/request/show/204769 13.1 / gnutls
Upgrade to 3.2.5: created request id 205068. Disable ECC at default.
fixed in 13.1 before GA, so done