http://www.mandriva.com/en/
______________________________
Package : gnutls
Date : November 19, 2014
Affected: Business Server 1.0
______________________________
Problem Description:
Updated gnutls packages fix a security vulnerability:
An out-of-bounds memory write flaw was found in the way GnuTLS
parsed certain ECC (Elliptic Curve Cryptography) certificates or
certificate signing requests (CSR). A malicious user could create a
specially crafted ECC certificate or a certificate signing request
that, when processed by an application compiled against GnuTLS (for
example, certtool), could cause that application to crash or execute
arbitrary code with the permissions of the user running the application
(CVE-2014-8564).
______________________________
References:
http://cve.mitre.org/cgi-bin/
http://advisories.mageia.org/
______________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
______________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com