Bugzilla – Bug 880733
VUL-0: CVE-2014-3465: gnutls: gnutls_x509_dn_oid_name NULL pointer dereference
Last modified: 2014-06-10 13:57:50 UTC
gnutls_x509_dn_oid_name() returns NULL to it's caller when it is not expected. The fix was first included in upstream versions 3.1.20 and 3.2.10: http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7251 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7250 Versions >=3.0 are affected, please submit for openSUSE 12.3 and openSUSE 13.1 References: https://bugzilla.redhat.com/show_bug.cgi?id=1101734 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (880733) was mentioned in https://build.opensuse.org/request/show/235998 13.1 / gnutls https://build.opensuse.org/request/show/235999 12.3 / gnutls
Fixed for OpenSuSE 13.1/12.3 and SLE-12 is not affected by this issue. Re-assigning to the security team.
openSUSE-SU-2014:0763-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 880730,880733 CVE References: CVE-2014-3465,CVE-2014-3466 Sources used: openSUSE 13.1 (src): gnutls-3.2.4-2.24.1 openSUSE 12.3 (src): gnutls-3.0.28-1.14.1
all relevant packages are fixed