Bugzilla – Bug 880730
VUL-0: CVE-2014-3466: gnutls: Possible memory corruption during connect
Last modified: 2018-10-19 18:22:44 UTC
GnuTLS parses session ids during the TLS/SSL handshake in a way that causes a buffer overflow. This can cause a DoS or possible RCE.
Reproducer: https://www.gitorious.org/gnutls/gnutls/source/8d7d6c6:lib/gnutls_handshake.c#L1747
Patch: https://bugzilla.redhat.com/attachment.cgi?id=899870&action=diff
Fixed in GnuTLS versions 3.1.25, 3.2.15, and 3.3.3:
http://lists.gnutls.org/pipermail/gnutls-devel/2014-May/006944.html
http://lists.gnutls.org/pipermail/gnutls-devel/2014-May/006945.html
http://lists.gnutls.org/pipermail/gnutls-devel/2014-May/006946.html
References:
http://www.gnutls.org/security.html#GNUTLS-SA-2014-3
https://bugzilla.redhat.com/show_bug.cgi?id=1101932
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
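The session ID length in a ServerHello is chosen by the peer, and TLS caps the field at 32 bytes, so a parser has to reject a longer value before copying into a fixed-size buffer. The following is an added example, not GnuTLS code and not the patch linked above; `struct session`, `read_session_id`, `check_sample` and the error codes are hypothetical names, and the sample message bodies are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSION_ID_SIZE 32   /* TLS: SessionID is opaque<0..32> */
#define HELLO_FIXED (2 + 32 + 1) /* version, random, session_id length byte */

enum { SID_OK = 0, SID_TRUNCATED = -1, SID_TOO_LONG = -2 };
/* Hypothetical session state with a fixed-size session ID buffer. */
struct session {
    uint8_t session_id[MAX_SESSION_ID_SIZE];
    uint8_t session_id_len;
};

/* Read the session ID from a ServerHello body (bytes after the handshake header). */
int read_session_id(struct session *s, const uint8_t *body, size_t len)
{
    if (len < HELLO_FIXED)
        return SID_TRUNCATED;
    size_t sid_len = body[HELLO_FIXED - 1];
    /* Peer-controlled length: reject it before it reaches memcpy. */
    if (sid_len > MAX_SESSION_ID_SIZE)
        return SID_TOO_LONG;
    /* The declared bytes must actually be present in the message. */
    if (len - HELLO_FIXED < sid_len)
        return SID_TRUNCATED;
    memcpy(s->session_id, body + HELLO_FIXED, sid_len);
    s->session_id_len = (uint8_t)sid_len;
    return SID_OK;
}

/* Constructed sample: a body declaring `declared` ID bytes but carrying `present`.
 * Returns the stored ID length on success, or a negative SID_* code. */
int check_sample(uint8_t declared, uint8_t present)
{
    uint8_t body[HELLO_FIXED + 255] = {0};
    struct session s = {0};
    body[0] = 3; body[1] = 3;             /* TLS 1.2 version bytes */
    body[HELLO_FIXED - 1] = declared;
    memset(body + HELLO_FIXED, 0xAB, present);
    int rc = read_session_id(&s, body, (size_t)HELLO_FIXED + present);
    return rc == SID_OK ? (int)s.session_id_len : rc;
}

int main(void)
{
    printf("%d %d %d\n", check_sample(32, 32), check_sample(200, 200), check_sample(16, 4));
    return 0;
}
```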
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (880730) was mentioned in
https://build.opensuse.org/request/show/235998 13.1 / gnutls
https://build.opensuse.org/request/show/235999 12.3 / gnutls
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-06-09. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/57611
Affected packages:
SLE-11-SP3: gnutls
SLE-10-SP3-TERADATA: gnutls
SLE-11-SP1: gnutls
SLE-9-SP3-TERADATA: gnutls
SLE-11-SP2: gnutls
Interesting reading: http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/ I'll check if SLES were vulnerable to this issue or not.
Submit requests for SLE-11/SLE-10/SLE9-TERADATA already...the network traffic is not slow here. I'll try to fix it for SLE-12 when I come back from vacation.
Done! Re-assigning to the security team.
This is an autogenerated message for OBS integration: This bug (880730) was mentioned in https://build.opensuse.org/request/show/236129 Factory / gnutls
Created attachment 593258
gnutls-server-CVE-2014-3466.c
gcc -o gnutls-server-CVE-2014-3466 gnutls-server-CVE-2014-3466.c
./gnutls-server-CVE-2014-3466
other shell:
gnutls-cli -p 3466 testhostname (not localhost)
Created attachment 593313
long-session-id.c
standalone testcase
gcc -o long-session-id long-session-id.c -lgnutls -O2 -Wall
./long-session-id
fwiw, 11-sp3 was just released and will be available on the update servers in some hours.
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-64bit, libgnutls26-x86 Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-HAE 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
SUSE-SU-2014:0758-1: An update that solves one vulnerability and has one errata is now available.
Category: security (important)
Bug References: 880730,880910
CVE References: CVE-2014-3466
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): gnutls-2.4.1-24.39.51.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): gnutls-2.4.1-24.39.51.1
SUSE Linux Enterprise Server 11 SP3 (src): gnutls-2.4.1-24.39.51.1
SUSE Linux Enterprise High Availability Extension 11 SP3 (src): gnutls-2.4.1-24.39.51.1
SUSE Linux Enterprise Desktop 11 SP3 (src): gnutls-2.4.1-24.39.51.1
openSUSE-SU-2014:0763-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 880730,880733
CVE References: CVE-2014-3465,CVE-2014-3466
Sources used:
openSUSE 13.1 (src): gnutls-3.2.4-2.24.1
openSUSE 12.3 (src): gnutls-3.0.28-1.14.1
openSUSE-SU-2014:0767-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 880730
CVE References: CVE-2014-3466
Sources used:
openSUSE 11.4 (src): gnutls-2.8.6-5.29.1
Update released for: gnutls, gnutls-debuginfo, gnutls-devel Products: SLE-DEBUGINFO 10-SP3-TERADATA (x86_64) SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26 Products: SLE-DEBUGINFO 11-SP1-TERADATA (x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-x86 Products: SLE-DEBUGINFO 11-SP2 (i386, s390x, x86_64) SLE-SERVER 11-SP2-LTSS (i386, s390x, x86_64)
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-x86 Products: SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64) SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26 Products: SUSE-MANAGER 1.7 (x86_64)
SUSE-SU-2014:0788-1: An update that fixes four vulnerabilities is now available.
Category: security (important)
Bug References: 880730,880910
CVE References: CVE-2014-3466,CVE-2014-3467,CVE-2014-3468,CVE-2014-3469
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src): gnutls-2.4.1-24.39.53.1
SUSE Linux Enterprise Server 11 SP1 LTSS (src): gnutls-2.4.1-24.39.53.1
SUSE-SU-2014:0758-2: An update that solves one vulnerability and has one errata is now available.
Category: security (important)
Bug References: 880730,880910
CVE References: CVE-2014-3466
Sources used:
SUSE Manager 1.7 for SLE 11 SP2 (src): gnutls-2.4.1-24.39.51.1
Update released for: gnutls, gnutls-32bit, gnutls-debuginfo, gnutls-devel, gnutls-devel-32bit, gnutls-x86 Products: SLE-DEBUGINFO 10-SP4 (i386, s390x, x86_64) SLE-SERVER 10-SP4-LTSS (i386, s390x, x86_64)
Update released for: gnutls, gnutls-32bit, gnutls-debuginfo, gnutls-devel, gnutls-devel-32bit, gnutls-x86 Products: SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64) SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0788-2: An update that fixes four vulnerabilities is now available.
Category: security (important)
Bug References: 880730,880910
CVE References: CVE-2014-3466,CVE-2014-3467,CVE-2014-3468,CVE-2014-3469
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src): gnutls-1.2.10-13.40.1
SUSE Linux Enterprise Server 10 SP3 LTSS (src): gnutls-1.2.10-13.40.1
Update released for: gnutls, gnutls-devel Products: SUSE-CORE 9-SP3-TERADATA (x86_64)
Update released for: gnutls, gnutls-devel Products: SUSE-CORE 9-LTSS (i386, s390, s390x, x86_64)
all relevant packages were updated
SUSE-SU-2014:0800-1: An update that fixes 5 vulnerabilities is now available.
Category: security (important)
Bug References: 554084,670152,802651,880730,880910
CVE References: CVE-2013-1619,CVE-2014-3466,CVE-2014-3467,CVE-2014-3468,CVE-2014-3469
Sources used:
SUSE CORE 9 (src): gnutls-1.0.8-26.32
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-07-01. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58005
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-07-01. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58007
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-x86 Products: Open-Enterprise-Server 11-SP1 (x86_64)
Update released for: gnutls, gnutls-devel, gnutls-32bit, gnutls-devel-32bit Products: SLE-DEBUGINFO 10-SP3-TERADATA (x86_64) SLE-SAP-APL 10-SP3 (x86_64) SLE-SERVER 10-SP3 (i386, x86_64) SLE-SERVER 10-SP3-TERADATA (x86_64)