Novell Home

CVE-2008-1950

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2008-1950 at MITRE

Description

Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 392947, 670152

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit
SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86
  • gnutls-debuginfo >= 1.2.10-13.11
core9.x86
sles9-nld.x86
core9.x86-64
core9.s390x
sles10-sp2.ppc
sles10-sp2.x86-64
sles10-sp2-debuginfo.x86
core9.s390
sles10-sp2-debuginfo.ia64
core9.ia64
sles10-sp2.ia64
sles10-sp2-debuginfo.x86-64
sles9-nlpos.x86
sles10-sp2-debuginfo.ppc
sled10-sp2.x86-64
sled10-sp2.x86
sles10-sp2.s390x
sles10-sp2.x86
sles10-sp2-debuginfo.s390x
sles9-oes.x86
core9.ppc
sles9-nld.x86-64
YOU Patch Nr: 12230
ZYPP Patch Nr: 5543
Novell Linux Desktop 9 for x86_64
  • gnutls >= 1.0.8-26.15
  • gnutls-32bit >= 9-200808211659
  • gnutls-devel >= 1.0.8-26.15
  • gnutls-devel-32bit >= 9-200808211659
core9.x86
sles9-nld.x86
core9.x86-64
core9.s390x
sles10-sp2.ppc
sles10-sp2.x86-64
sles10-sp2-debuginfo.x86
core9.s390
sles10-sp2-debuginfo.ia64
core9.ia64
sles10-sp2.ia64
sles10-sp2-debuginfo.x86-64
sles9-nlpos.x86
sles10-sp2-debuginfo.ppc
sled10-sp2.x86-64
sled10-sp2.x86
sles10-sp2.s390x
sles10-sp2.x86
sles10-sp2-debuginfo.s390x
sles9-oes.x86
core9.ppc
sles9-nld.x86-64
YOU Patch Nr: 12230
ZYPP Patch Nr: 5543
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • gnutls >= 1.0.8-26.15
  • gnutls-devel >= 1.0.8-26.15
core9.x86
sles9-nld.x86
core9.x86-64
core9.s390x
sles10-sp2.ppc
sles10-sp2.x86-64
sles10-sp2-debuginfo.x86
core9.s390
sles10-sp2-debuginfo.ia64
core9.ia64
sles10-sp2.ia64
sles10-sp2-debuginfo.x86-64
sles9-nlpos.x86
sles10-sp2-debuginfo.ppc
sled10-sp2.x86-64
sled10-sp2.x86
sles10-sp2.s390x
sles10-sp2.x86
sles10-sp2-debuginfo.s390x
sles9-oes.x86
core9.ppc
sles9-nld.x86-64
YOU Patch Nr: 12230
ZYPP Patch Nr: 5543

© 2014 Novell