Vulnerability in all gnuTLS versions released prior to 5/30

A vulnerability has been identified in the several open source TLS libraries that are commonly used on Linux systems. The vulnerability would allow a buffer overflow if exploited. If you run a Ubuntu or RedHat system, please check to see if a patch is available. The TLS versions that are vulnerable include all versions prior to 3.1.25, 3.2.15 and 3.3.4. Updated versions are available from http://www.gnutls.org/download.html . If you have gnuTLS deployed please install the patch for your respective version as soon as possible.

The CVE link from mitre.org is http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466

Other sources of information on this condition –

Tags:

Categories: Uncategorized