CVE-2008-1950

Common Vulnerabilities and Exposures

Upstream information

CVE-2008-1950 at MITRE

Description

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entries: 392947, 670152

SUSE Security Advisories:

List of released packages

Product(s): Novell Linux Desktop 9 for x86, Open Enterprise Server
Fixed package version(s):
  • gnutls >= 1.0.8-26.15
  • gnutls-devel >= 1.0.8-26.15
References: core9.x86, sles9-nld.x86, core9.x86-64, core9.s390x, sles10-sp2.ppc, sles10-sp2.x86-64, sles10-sp2-debuginfo.x86, core9.s390, sles10-sp2-debuginfo.ia64, core9.ia64, sles10-sp2.ia64, sles10-sp2-debuginfo.x86-64, sles9-nlpos.x86, sles10-sp2-debuginfo.ppc, sled10-sp2.x86-64, sled10-sp2.x86, sles10-sp2.s390x, sles10-sp2.x86, sles10-sp2-debuginfo.s390x, sles9-oes.x86, core9.ppc, sles9-nld.x86-64
YOU Patch Nr: 12230
ZYPP Patch Nr: 5543

Product(s): Novell Linux Desktop 9 for x86_64
Fixed package version(s):
  • gnutls >= 1.0.8-26.15
  • gnutls-32bit >= 9-200808211659
  • gnutls-devel >= 1.0.8-26.15
  • gnutls-devel-32bit >= 9-200808211659
References: core9.x86, sles9-nld.x86, core9.x86-64, core9.s390x, sles10-sp2.ppc, sles10-sp2.x86-64, sles10-sp2-debuginfo.x86, core9.s390, sles10-sp2-debuginfo.ia64, core9.ia64, sles10-sp2.ia64, sles10-sp2-debuginfo.x86-64, sles9-nlpos.x86, sles10-sp2-debuginfo.ppc, sled10-sp2.x86-64, sled10-sp2.x86, sles10-sp2.s390x, sles10-sp2.x86, sles10-sp2-debuginfo.s390x, sles9-oes.x86, core9.ppc, sles9-nld.x86-64
YOU Patch Nr: 12230
ZYPP Patch Nr: 5543