Bug 281249

Summary: =net-libs/gnutls-2.8.2 Memory overread Denial of Service
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: crypto+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=c12e7507562d5f168330acf1dd7db7cc2079cdf0
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 275695    

Description Robert Buchholz (RETIRED) gentoo-dev 2009-08-12 20:33:41 UTC
Tomas Hoger of Red Hat pointed out that GnuTLS 2.8.2 contains an out of bounds read crash that is exposed via public API functions.

Discussion:
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3725/focus=3768

Patch:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=c12e7507562d5f168330acf1dd7db7cc2079cdf0

Comment 1 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-08-13 01:06:15 UTC
Fixed in net-libs/gnutls-2.8.2-r1.