[v2.7] gnutls: Memory corruption before 3.1.25, 3.2.15 and 3.3.4 (CVE-2014-3466)
http://www.gnutls.org/security.html\#GNUTLS-SA-2014-3
This vulnerability affects the client side of the gnutls library. A
server that sends a specially crafted ServerHello could corrupt the
memory of a requesting client.
Analysis at
radare.today
Recommendation: Upgrade to the latest gnutls version (3.1.25, 3.2.15 or
3.3.4)
(from redmine: issue id 2986, created on 2014-06-04, closed on 2014-06-09)
- Relations:
- copied_to #2987 (closed)
- parent #2985 (closed)
- Changesets:
- Revision 84a1a9ba by Timo Teräs on 2014-06-04T10:34:41Z:
main/gnutls: security upgrade to 3.2.15 (CVE-2014-3466)
fixes #2986