We are all lucky to have freely floating source code. The bug in
GnuTLS was patched. This is from the patch file:
- if (len < session_id_len) {
+ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) {
gnutls_assert();
return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
}
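Review bot: the new `session_id_len > TLS_MAX_SESSION_ID_SIZE` test on the `+` line shares its error path with the short-packet case and returns GNUTLS_E_UNSUPPORTED_VERSION_PACKET, which names a version problem rather than an oversized length field. A length-specific code such as GNUTLS_E_UNEXPECTED_PACKET_LENGTH would make a rejected ServerHello easier to diagnose from logs. A one-line comment above the condition saying what TLS_MAX_SESSION_ID_SIZE protects would also help, since nothing in the hunk shows why the upper bound matters.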
by Nikos Mavrogiannopoulos of Red Hat. The issue was in gnutls_handshake.c.[1]
The flaw was found in the way GnuTLS parsed session IDs from
ServerHello messages of the TLS/SSL handshake. A malicious server
could use this flaw to send an excessively long session ID value,
which would trigger a buffer overflow in a connecting TLS/SSL client
application using GnuTLS, causing the client application to crash or,
possibly, execute arbitrary code.[2]
On 2014-05-30 they released a GnuTLS version with bug fixes.[3]
[1] https://bugzilla.redhat.com/attachment.cgi?id=899870
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1101932
[3] http://gnutls.org/index.html
--
Registered Linux user #545296
_______________________________________________
Indian Libre User Group Cochin Mailing List
http://www.ilug-cochin.org/mailing-list/
http://ilug-cochin.org/mailman/listinfo/mailinglist_ilug-cochin.org
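The two conditions from the patch quoted above, run against a constructed ServerHello body, as an added example that is not part of the original post and is not GnuTLS code. It assumes a simplified layout (2-byte version, 32-byte random, 1-byte session ID length, then the ID); the function names and ERR_BAD_HELLO are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_MAX_SESSION_ID_SIZE 32  /* TLS caps session IDs at 32 bytes */
#define HELLO_FIXED_LEN (2 + 32)    /* version + random precede the ID */
#define ERR_BAD_HELLO (-1)          /* hypothetical error code */

/* Pre-patch condition: only asks whether the ID fits in the input. */
int old_check_accepts(size_t len, size_t session_id_len) {
    return !(len < session_id_len);
}

/* Patched condition: the ID must also fit the fixed-size destination. */
int patched_check_accepts(size_t len, size_t session_id_len) {
    return !(len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE);
}

/* Copy the session ID out of a ServerHello body into a fixed buffer.
 * Returns the ID length, or ERR_BAD_HELLO on malformed input. */
int read_session_id(const uint8_t *data, size_t datalen,
                    uint8_t out[TLS_MAX_SESSION_ID_SIZE]) {
    if (datalen < HELLO_FIXED_LEN + 1)
        return ERR_BAD_HELLO;
    size_t pos = HELLO_FIXED_LEN;
    size_t session_id_len = data[pos++];
    size_t len = datalen - pos;     /* bytes left after the length byte */
    if (!patched_check_accepts(len, session_id_len))
        return ERR_BAD_HELLO;
    memcpy(out, data + pos, session_id_len);
    return (int)session_id_len;
}

/* Constructed sample: a ServerHello body with the given session ID length. */
size_t build_hello(uint8_t *buf, size_t cap, uint8_t id_len) {
    size_t total = HELLO_FIXED_LEN + 1 + (size_t)id_len;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 3; buf[1] = 3;         /* TLS 1.2 version bytes */
    buf[HELLO_FIXED_LEN] = id_len;
    memset(buf + HELLO_FIXED_LEN + 1, 0xAB, id_len);
    return total;
}

int main(void) {
    uint8_t hello[300], id[TLS_MAX_SESSION_ID_SIZE];
    size_t n = build_hello(hello, sizeof hello, 200);
    printf("old check accepts: %d, patched read returns: %d\n",
           old_check_accepts(n - HELLO_FIXED_LEN - 1, 200),
           read_session_id(hello, n, id));
    return 0;
}
```

A 200-byte ID that is fully present in the packet passes the old condition, because that condition compares the ID length only with the bytes received and never with the size of the buffer it is copied into.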