diff options
author | Simon Josefsson <simon@josefsson.org> | 2008-05-19 14:06:41 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2008-05-19 14:06:41 +0200 |
commit | 8e4d81cca7e924bbbe62be055377d06e22d6f786 (patch) | |
tree | dbc7481a48ae4bbdd0e464b55c7c50afbbc19ade | |
parent | bc8102405fda11ea00ca3b42acc4f4bce9d6e97b (diff) | |
download | gnutls-8e4d81cca7e924bbbe62be055377d06e22d6f786.tar.gz |
Add.
-rw-r--r-- | NEWS | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -5,6 +5,32 @@ See the end for copying conditions. * Version 2.3.10 (unreleased) +** Fix three security vulnerabilities. [GNUTLS-SA-2008-1] +Thanks to CERT-FI for finding the bugs and providing detailed reports, +which allowed the bugs to be reproduced and fixed easily. Patches +developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates +with more details about these vulnerabilities will be added to +<http://www.gnu.org/software/gnutls/security.html> + +*** [GNUTLS-SA-2008-1-1] +*** libgnutls: Fix crash when sending invalid server name. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to store more session resumption data than what was +allocated for, thus overwriting unallocated memory. + +*** [GNUTLS-SA-2008-1-2] +*** libgnutls: Fix crash when sending repeated client hellos. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +triggers a null-pointer dereference. + +*** [GNUTLS-SA-2008-1-3] +*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to read memory beyond the end of the received record. + ** libgnutlsxx: Updated API according to patches from Eduardo Villanueva Che (discussion at <http://lists.gnu.org/archive/html/gnutls-devel/2007-02/msg00017.html>) |