Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0120 A vulnerability has been identified in GnuTLS prior to versions 3.1.15 or 3.2.5. 30 October 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: GnuTLS Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-4466 Member content until: Friday, November 29 2013 OVERVIEW A vulnerability has been identified in GnuTLS prior to versions 3.1.15 or 3.2.5. [1] IMPACT The vendor has provided the following description regarding this vulnerability: "CVE-2013-4466: This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that returns more 4 DANE entries could corrupt the memory of a requesting client." [1] MITIGATION The vendor recommends updating to the latest version of GnuTLS to correct these issues. REFERENCES [1] Advisories http://www.gnutls.org/security.html#GNUTLS-SA-2013-3 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUnBmNxLndAQH1ShLAQJjWxAApQgo/9Ax6p/2JK65IOIH6RTCMu3oWjfq OAl3vMc7uFmuIO6QASsYwFSWxnrXSeJsmoAt+YojvBo71o05prs+cOAszAkE4U5r v2t2uZVZB63uKXn7N/jJhaXnWyVHDpsAz/jJ5fyoK+PlcfbxxN8FfstCnb84F6gz xKXpNrWQo9LqPc4Ofixs513T93j+pMkgpg8LykFWtP7tMW4CnfmydFLVjrbluMhw qpVvzRXOH5UvJdKm2xcfA7c+uT3PPN+tCkBYW1rOx3UWbOx8WPrP1VKpbCeKb5uM A6SlbJADSWKZhhCteHvHzgtjCpIpAqAlE1G+bbAIHKzPWw3uwq55LOywD7joBeq7 vOT/G+79Jiu1EKIvbfGRlequ2SPWaa60cATMNGobR3oNyGsBPfvPQqvpjnwa+VWF HJrhQv4ZwYS0tclT19v4l61h2kaU15l4ru0TpoSbzbz8fnotO6WdRLy/K3XpdIL/ MEMWp7aYhGen9+ZhJWf9/D3qRuRQ0jNkRNTL7ZLk3tDMnpYa5gu0l00STwMq7VXp Auh0hfN06IY/X4XWFwvNFo6l0UFLZuJ5794umJrm0VvjvHmGioEg4zon8rhY4pBL 9NJN/XynFakQ47Asz8ELjgUGazmQ2WHFGlK2B1zCQtdFG3Y1Vc011hRXYHbT2eZK LGvH9YN9fpw= =EO9q -----END PGP SIGNATURE-----