Bug 904603 (CVE-2014-8564) - VUL-0: CVE-2014-8564: gnutls: heap corruption in encoding elliptic curve parameters
Status: RESOLVED FIXED
Alias: CVE-2014-8564
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Normal
Assignee: Security Team bot
QA Contact: Security Team bot
Reported: 2014-11-10 08:05 UTC by Marcus Meissner
Modified: 2016-04-27 19:31 UTC

Attachments
gnutls-CVE-2014-8564.patch (1.44 KB, patch)
2014-11-12 09:22 UTC, Marcus Meissner

Description Marcus Meissner 2014-11-10 08:05:15 UTC
via gnutls twitter

http://www.gnutls.org/security.html#GNUTLS-SA-2014-5

GNUTLS-SA-2014-5

CVE-2014-8564
Denial of service

Sean Burford reported that the encoding of elliptic curve parameters in GnuTLS 3 is vulnerable to a denial of service (heap corruption). It affects clients and servers which print information about the peer's certificate, e.g., the key ID, and can be exploited via a specially crafted X.509 certificate.
Recommendation: Upgrade to GnuTLS 3.3.10, 3.2.20 or 3.1.28.
Comment 1 Marcus Meissner 2014-11-10 08:05:46 UTC
bugowner is meissner ... doll
Comment 2 Swamp Workflow Management 2014-11-10 23:00:13 UTC
bugbot adjusting priority
Comment 3 Marcus Meissner 2014-11-12 09:22:13 UTC
Created attachment 613304
gnutls-CVE-2014-8564.patch

commit 7429872b74c8216bbf15e241e47aba94369ef083
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Nov 10 07:50:18 2014 +0100

    when exporting curve coordinates to X9.63 format, perform additional sanity checks on input
    
    Reported by Sean Burford.
Comment 4 Marcus Meissner 2014-11-12 09:24:06 UTC
sles11 gnutls 2.4.1 had no ECC support at all, so it's not affected.
Comment 6 Marcus Meissner 2014-11-13 08:55:14 UTC
submitted
Comment 7 Swamp Workflow Management 2014-11-21 09:05:40 UTC
openSUSE-SU-2014:1472-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 904603
CVE References: CVE-2014-8564
Sources used:
openSUSE 13.2 (src):    gnutls-3.2.18-4.1
openSUSE 13.1 (src):    gnutls-3.2.4-2.28.1
openSUSE 12.3 (src):    gnutls-3.0.28-1.18.1
Comment 8 Bernhard Wiedemann 2014-11-24 09:00:17 UTC
This is an autogenerated message for OBS integration:
This bug (904603) was mentioned in
https://build.opensuse.org/request/show/262808 Factory / gnutls
Comment 9 Swamp Workflow Management 2014-12-12 12:04:58 UTC
SUSE-SU-2014:1628-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 904603
CVE References: CVE-2014-8564
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    gnutls-3.2.15-4.1
SUSE Linux Enterprise Server 12 (src):    gnutls-3.2.15-4.1
SUSE Linux Enterprise Desktop 12 (src):    gnutls-3.2.15-4.1
Comment 10 Marcus Meissner 2014-12-15 13:22:44 UTC
released