Opened 5 years ago

Closed 5 years ago

#43865 closed update (fixed)

gnutls 3.3.3

Reported by: Schamschula (Marius Schamschula)
Owned by: neverpanic (Clemens Lang)
Priority: High
Milestone:
Component: ports
Version: 2.3.0
Keywords: security
Cc:
Port: gnutls

Description

gnutls has been updated to address CVE-2014-3466:

A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake.  A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.

The flaw is in read_server_hello() / _gnutls_read_server_hello(), where session_id_len is checked to not exceed incoming packet size, but not checked to ensure it does not exceed maximum session id length:
https://www.gitorious.org/gnutls/gnutls/source/8d7d6c6:lib/gnutls_handshake.c#L1747

MacPorts still is using the outdated 3.1.x branch. I've updated gnutls to the current stable 3.3.x branch.

Attachments (1)

Portfile-gnutls.diff (896 bytes) - added by Schamschula (Marius Schamschula) 5 years ago.
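
The two bounds the description distinguishes, shown as an added example that is not part of this ticket and is not GnuTLS code: a ServerHello session id parser that checks the length against both the packet and the fixed-size destination. The function names, error codes and the `MAX_SESSION_ID_SIZE` constant are hypothetical; the 32-byte limit is the `SessionID<0..32>` bound from RFC 5246, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_SESSION_ID_SIZE 32 /* RFC 5246: opaque SessionID<0..32> */
#define HELLO_FIXED_PREFIX  34 /* server_version (2) + random (32) */

enum { PARSE_OK = 0, ERR_TRUNCATED = -1, ERR_SESSION_ID_TOO_LONG = -2 };

struct session_id { uint8_t data[MAX_SESSION_ID_SIZE]; uint8_t len; };

/* Copy the session id out of a ServerHello body (handshake header already
 * stripped). Hypothetical helper for illustration, not GnuTLS code. */
int parse_session_id(const uint8_t *body, size_t body_len, struct session_id *out)
{
    size_t pos = HELLO_FIXED_PREFIX;
    uint8_t id_len;

    if (body_len < pos + 1)
        return ERR_TRUNCATED;
    id_len = body[pos++];

    /* Check the ticket says was present: length must fit in the packet. */
    if ((size_t)id_len > body_len - pos)
        return ERR_TRUNCATED;
    /* Check the ticket says was missing: length must fit in the
     * fixed-size destination, whatever the packet size allows. */
    if (id_len > MAX_SESSION_ID_SIZE)
        return ERR_SESSION_ID_TOO_LONG;

    memcpy(out->data, body + pos, id_len);
    out->len = id_len;
    return PARSE_OK;
}

/* Constructed sample input: a ServerHello body carrying id_len id bytes. */
size_t build_sample_hello(uint8_t *buf, size_t cap, uint8_t id_len)
{
    size_t total = HELLO_FIXED_PREFIX + 1 + id_len + 3; /* + suite, compression */
    if (total > cap)
        return 0;
    memset(buf, 0, total);
    buf[0] = 3; buf[1] = 3;                 /* TLS 1.2 on the wire */
    buf[HELLO_FIXED_PREFIX] = id_len;
    memset(buf + HELLO_FIXED_PREFIX + 1, 0xAB, id_len);
    return total;
}
```

A 200-byte session id inside a 238-byte body passes the packet-size check and is rejected only by the second check, which is the case the description is about.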


Change History (3)

Changed 5 years ago by Schamschula (Marius Schamschula)

Attachment: Portfile-gnutls.diff added

comment:1 Changed 5 years ago by neverpanic (Clemens Lang)

Keywords: security added
Owner: changed from macports-tickets@… to cal@…
Priority: changed from Normal to High
Status: changed from new to assigned

comment:2 Changed 5 years ago by neverpanic (Clemens Lang)

Resolution: fixed
Status: changed from assigned to closed

In r120565, thanks for the patch. Added you as new maintainer in r120566 along with openmaintainer as discussed on IRC.
