Bug 880730 - (CVE-2014-3466) VUL-0: CVE-2014-3466: gnutls: Possible memory corruption during connect
(CVE-2014-3466)
VUL-0: CVE-2014-3466: gnutls: Possible memory corruption during connect
Status: VERIFIED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/99186/
maint:released:sle11-sp3:57659 wasL...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-05-30 11:59 UTC by Johannes Segitz
Modified: 2018-10-19 18:22 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
gnutls-server-CVE-2014-3466.c (1.38 KB, text/x-c++src)
2014-06-04 09:33 UTC, Marcus Meissner
Details
long-session-id.c (7.04 KB, text/plain)
2014-06-04 13:53 UTC, Marcus Meissner
Details

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2014-05-30 22:00:19 UTC
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2014-06-02 07:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (880730) was mentioned in
https://build.opensuse.org/request/show/235998 13.1 / gnutls
https://build.opensuse.org/request/show/235999 12.3 / gnutls
Comment 3 Swamp Workflow Management 2014-06-02 08:09:59 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-06-09.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57611
Comment 4 SMASH SMASH 2014-06-02 08:10:14 UTC
Affected packages:

SLE-11-SP3: gnutls
SLE-10-SP3-TERADATA: gnutls
SLE-11-SP1: gnutls
SLE-9-SP3-TERADATA: gnutls
SLE-11-SP2: gnutls
Comment 5 Shawn Chang 2014-06-02 14:12:00 UTC
Interesting reading:
http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/

I'll check if SLES were vulnerable to this issue or not.
Comment 6 Shawn Chang 2014-06-02 14:44:39 UTC
Submit requests for SLE-11/SLE-10/SLE9-TERADATA already...the network traffic is not slow here. I'll try to fix it for SLE-12 when I come back from vacation.
Comment 9 Shawn Chang 2014-06-03 04:27:49 UTC
Done! Re-assigning to the security team.
Comment 10 Bernhard Wiedemann 2014-06-03 10:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (880730) was mentioned in
https://build.opensuse.org/request/show/236129 Factory / gnutls
Comment 12 Marcus Meissner 2014-06-04 09:33:19 UTC
Created attachment 593258 [details]
gnutls-server-CVE-2014-3466.c

gcc -o gnutls-server-CVE-2014-3466 gnutls-server-CVE-2014-3466.c

./gnutls-server-CVE-2014-3466 


other shell:

gnutls-cli -p 3466 testhostname           (not localhost)
Comment 14 Marcus Meissner 2014-06-04 13:53:50 UTC
Created attachment 593313 [details]
long-session-id.c

standalone testcase

gcc -o long-session-id long-session-id.c -lgnutls -O2 -Wall
./long-session-id
Comment 17 Marcus Meissner 2014-06-04 15:53:55 UTC
fwiw, 11-sp3 was just released and will be available on the update servers in some hours.
Comment 18 Swamp Workflow Management 2014-06-04 21:53:20 UTC
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-64bit, libgnutls26-x86
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-HAE 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 19 Swamp Workflow Management 2014-06-05 01:04:24 UTC
SUSE-SU-2014:0758-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 880730,880910
CVE References: CVE-2014-3466
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    gnutls-2.4.1-24.39.51.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    gnutls-2.4.1-24.39.51.1
SUSE Linux Enterprise Server 11 SP3 (src):    gnutls-2.4.1-24.39.51.1
SUSE Linux Enterprise High Availability Extension 11 SP3 (src):    gnutls-2.4.1-24.39.51.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    gnutls-2.4.1-24.39.51.1
Comment 22 Swamp Workflow Management 2014-06-06 09:04:24 UTC
openSUSE-SU-2014:0763-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 880730,880733
CVE References: CVE-2014-3465,CVE-2014-3466
Sources used:
openSUSE 13.1 (src):    gnutls-3.2.4-2.24.1
openSUSE 12.3 (src):    gnutls-3.0.28-1.14.1
Comment 23 Swamp Workflow Management 2014-06-06 10:24:00 UTC
openSUSE-SU-2014:0767-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 880730
CVE References: CVE-2014-3466
Sources used:
openSUSE 11.4 (src):    gnutls-2.8.6-5.29.1
Comment 26 Swamp Workflow Management 2014-06-11 13:04:23 UTC
Update released for: gnutls, gnutls-debuginfo, gnutls-devel
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 28 Swamp Workflow Management 2014-06-12 16:04:27 UTC
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 29 Swamp Workflow Management 2014-06-12 18:46:48 UTC
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-x86
Products:
SLE-DEBUGINFO 11-SP2 (i386, s390x, x86_64)
SLE-SERVER 11-SP2-LTSS (i386, s390x, x86_64)
Comment 30 Swamp Workflow Management 2014-06-12 18:48:25 UTC
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-x86
Products:
SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64)
SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
Comment 32 Swamp Workflow Management 2014-06-12 20:48:59 UTC
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26
Products:
SUSE-MANAGER 1.7 (x86_64)
Comment 33 Swamp Workflow Management 2014-06-12 22:04:38 UTC
SUSE-SU-2014:0788-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 880730,880910
CVE References: CVE-2014-3466,CVE-2014-3467,CVE-2014-3468,CVE-2014-3469
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    gnutls-2.4.1-24.39.53.1
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    gnutls-2.4.1-24.39.53.1
Comment 34 Swamp Workflow Management 2014-06-13 00:04:45 UTC
SUSE-SU-2014:0758-2: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 880730,880910
CVE References: CVE-2014-3466
Sources used:
SUSE Manager 1.7 for SLE 11 SP2 (src):    gnutls-2.4.1-24.39.51.1
Comment 35 Swamp Workflow Management 2014-06-13 13:47:55 UTC
Update released for: gnutls, gnutls-32bit, gnutls-debuginfo, gnutls-devel, gnutls-devel-32bit, gnutls-x86
Products:
SLE-DEBUGINFO 10-SP4 (i386, s390x, x86_64)
SLE-SERVER 10-SP4-LTSS (i386, s390x, x86_64)
Comment 36 Swamp Workflow Management 2014-06-13 14:46:46 UTC
Update released for: gnutls, gnutls-32bit, gnutls-debuginfo, gnutls-devel, gnutls-devel-32bit, gnutls-x86
Products:
SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
Comment 37 Swamp Workflow Management 2014-06-13 18:04:23 UTC
SUSE-SU-2014:0788-2: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 880730,880910
CVE References: CVE-2014-3466,CVE-2014-3467,CVE-2014-3468,CVE-2014-3469
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    gnutls-1.2.10-13.40.1
SUSE Linux Enterprise Server 10 SP3 LTSS (src):    gnutls-1.2.10-13.40.1
Comment 38 Swamp Workflow Management 2014-06-16 09:04:22 UTC
Update released for: gnutls, gnutls-devel
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 39 Swamp Workflow Management 2014-06-16 12:47:33 UTC
Update released for: gnutls, gnutls-devel
Products:
SUSE-CORE 9-LTSS (i386, s390, s390x, x86_64)
Comment 40 Johannes Segitz 2014-06-16 13:30:10 UTC
all relevant packages were updated
Comment 41 Swamp Workflow Management 2014-06-16 16:05:02 UTC
SUSE-SU-2014:0800-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 554084,670152,802651,880730,880910
CVE References: CVE-2013-1619,CVE-2014-3466,CVE-2014-3467,CVE-2014-3468,CVE-2014-3469
Sources used:
SUSE CORE 9 (src):    gnutls-1.0.8-26.32
Comment 42 Swamp Workflow Management 2014-06-24 10:14:16 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-07-01.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58005
Comment 43 Swamp Workflow Management 2014-06-24 11:24:27 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-07-01.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58007
Comment 44 Swamp Workflow Management 2014-06-30 14:16:22 UTC
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-x86
Products:
Open-Enterprise-Server 11-SP1 (x86_64)
Comment 45 Swamp Workflow Management 2014-06-30 16:51:16 UTC
Update released for: gnutls, gnutls-devel, gnutls-32bit, gnutls-devel-32bit
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SERVER 10-SP3 (i386, x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)