GnuTLS是用于实现TLS加密协议的函数库。
GnuTLS在处理各种畸形TLS报文时存在多个安全漏洞,可能导致拒绝服务或完全入侵运行该库应用程序所在的操作系统。lib/gnutls_cipher.c文件的_gnutls_ciphertext2compressed()函数在处理加密TLS数据时存在符号错误,这个漏洞可能导致使用GnuTLS库的应用程序崩溃。AKA编号GNUTLS-SA-2008-1-3。
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://www.debian.org/security/2008/dsa-1581
来源: US-CERT
名称: VU#659209
链接:http://www.kb.cert.org/vuls/id/659209
来源: MLIST
名称: [oss-security] 20080520 Re: CVE ID request: GNUTLS
链接:http://www.openwall.com/lists/oss-security/2008/05/20/2
来源: MLIST
名称: [gnutls-devel] 20080519 GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]
链接:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html
来源: XF
名称: gnutls-gnutlsciphertext2compressed-bo(42533)
链接:http://xforce.iss.net/xforce/xfdb/42533
来源: BID
名称: 29292
链接:http://www.securityfocus.com/bid/29292
来源: BUGTRAQ
名称: 20080520 Vulnerability Advisory on GnuTLS
链接:http://www.securityfocus.com/archive/1/archive/1/492282/100/0/threaded
来源: REDHAT
名称: RHSA-2008:0492
链接:http://www.redhat.com/support/errata/RHSA-2008-0492.html
来源: REDHAT
名称: RHSA-2008:0489
链接:http://www.redhat.com/support/errata/RHSA-2008-0489.html
来源: MLIST
名称: [oss-security] 20080520 Re: CVE ID request: GNUTLS
链接:http://www.openwall.com/lists/oss-security/2008/05/20/3
来源: MLIST
名称: [oss-security] 20080520 Re: CVE ID request: GNUTLS
链接:http://www.openwall.com/lists/oss-security/2008/05/20/1
来源: MISC
链接:http://www.cert.fi/haavoittuvuudet/advisory-gnutls.html
来源: wiki.rpath.com
链接:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0174
来源: SREASON
名称: 3902
链接:http://securityreason.com/securityalert/3902
来源: SECUNIA
名称: 31939
链接:http://secunia.com/advisories/31939
来源: SECUNIA
名称: 30355
链接:http://secunia.com/advisories/30355
来源: SUSE
名称: SUSE-SA:2008:046
链接:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00003.html
来源: MLIST
名称: [gnutls-devel] 20080519 GnuTLS 2.2.5 - Brown paper bag release
链接:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html
来源: MLIST
名称: [gnutls-devel] 20080519 Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]
链接:http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00055.html
来源: git.savannah.gnu.org
链接:http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b
来源: FEDORA
名称: FEDORA-2008-4274
链接:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00615.html
来源: FEDORA
名称: FEDORA-2008-4259
链接:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00590.html
来源: FEDORA
名称: FEDORA-2008-4183
链接:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00487.html
来源: issues.rpath.com
链接:https://issues.rpath.com/browse/RPL-2552
来源: UBUNTU
名称: USN-613-1
链接:http://www.ubuntu.com
来源: UBUNTU
名称: USN-613-1
链接:http://www.ubuntu.com/usn/usn-613-1
来源: SECTRACK
名称: 1020059
链接:http://www.securitytracker.com/id?1020059
来源: BUGTRAQ
名称: 20080522 rPSA-2008-0174-1 gnutls
链接:http://www.securityfocus.com/archive/1/archive/1/492464/100/0/threaded
来源: MANDRIVA
名称: MDVSA-2008:106
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:106
来源: VUPEN
名称: ADV-2008-1583
链接:http://www.frsirt.com/english/advisories/2008/1583/references
来源: VUPEN
名称: ADV-2008-1582
链接:http://www.frsirt.com/english/advisories/2008/1582/references
来源: DEBIAN
名称: DSA-1581
链接:http://www.debian.org/security/2008/dsa-1581
来源: sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=600646&group_id=21558
来源: GENTOO
名称: GLSA-200805-20
链接:http://security.gentoo.org/glsa/glsa-200805-20.xml
来源: SECUNIA
名称: 30338
链接:http://secunia.com/advisories/30338
来源: SECUNIA
名称: 30331
链接:http://secunia.com/advisories/30331
来源: SECUNIA
名称: 30330
链接:http://secunia.com/advisories/30330
来源: SECUNIA
名称: 30324
链接:http://secunia.com/advisories/30324
来源: SECUNIA
名称: 30317
链接:http://secunia.com/advisories/30317
来源: SECUNIA
名称: 30302
链接:http://secunia.com/advisories/30302
来源: SECUNIA
名称: 30287
链接:http://secunia.com/advisories/30287
暂无
发布时间 Jun 19, 2017
发布时间 Apr 18, 2017
发布时间 Jan 12, 2017
发布时间 Jan 12, 2017
发布时间 Sep 13, 2016
