GnuTLS Security update for Novell Open Enterprise Server 11 SP1.

  • 7015303
  • 01-Jul-2014
  • 01-Jul-2014

Environment

SUSE Linux Enterprise Server 11 Service Pack 2 (SLES 11 SP2)
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 1

Situation

SUSE Linux Enterprise Server 11 SP2 General support ended on 31 Jan 2014.
Novell Open Enterprise Server 11 SP1 General support ends on 29 Jan 2015.

A number of GnuTLS-related security vulnerabilities were reported.

Due to the current support status for Novell Open Enterprise Server 11 SP1, the Novell and SUSE teams have closely collaborated to make these fixes available for Novell OES11 SP1 customers.

Resolution

The oes11sp1-gnutls-9429 patch, which contains the mentioned fixes for SLES 11 SP2, was released through the public OES11 SP1 patch repositories on 30 June 2014.

GnuTLS has been patched to ensure proper parsing of session IDs during the TLS/SSL handshake. Additionally, three issues inherited from libtasn1 have been fixed.

Further information is available at http://www.gnutls.org/security.html#GNUTLS-SA-2014-3

These security issues have been fixed:

  • Possible memory corruption during connect (CVE-2014-3466)
  • Multiple boundary check issues could allow DoS (CVE-2014-3467)
  • asn1_get_bit_der() can return negative bit length (CVE-2014-3468)
  • Possible DoS by NULL pointer dereference (CVE-2014-3469)
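
The following added example (not GnuTLS source and not the contents of the patch) illustrates the kind of bounds checking that session-ID parsing in a handshake message requires: the length byte is peer-controlled, so it is checked against both the destination buffer and the bytes actually received. The struct, function names and sample message are hypothetical; the 32-byte session-ID limit is the one given in RFC 5246.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RANDOM_SIZE 32
#define MAX_SESSION_ID_SIZE 32  /* TLS upper bound (RFC 5246, 7.4.1.2) */
struct server_hello {           /* hypothetical type, not a GnuTLS struct */
    uint8_t version[2], random[RANDOM_SIZE];
    uint8_t session_id[MAX_SESSION_ID_SIZE], session_id_len;
    uint16_t cipher_suite;
};

/* Parse a ServerHello body; returns 0 on success, -1 on malformed input. */
int parse_server_hello(const uint8_t *buf, size_t len, struct server_hello *out)
{
    size_t pos = 2 + RANDOM_SIZE;
    if (!buf || !out || len < pos + 1)
        return -1;              /* fixed fields and length byte must exist */
    memcpy(out->version, buf, 2);
    memcpy(out->random, buf + 2, RANDOM_SIZE);
    uint8_t sid_len = buf[pos++];   /* peer-controlled, 0..255 */
    if (sid_len > MAX_SESSION_ID_SIZE)
        return -1;              /* would overrun out->session_id */
    if (len - pos < (size_t)sid_len + 3)
        return -1;              /* ID, cipher suite, compression not all there */
    memcpy(out->session_id, buf + pos, sid_len);
    out->session_id_len = sid_len;
    pos += sid_len;
    out->cipher_suite = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
    return 0;
}

/* Constructed message: length byte `claimed`, `present` (<= 255) ID bytes. */
int parse_constructed(uint8_t claimed, size_t present)
{
    uint8_t msg[2 + RANDOM_SIZE + 1 + 255 + 3] = { 0x03, 0x03 };
    struct server_hello sh;
    size_t n = 2 + RANDOM_SIZE;
    msg[n++] = claimed;
    memset(msg + n, 0xAB, present);
    n += present + 3;           /* cipher suite and compression left as zero */
    return parse_server_hello(msg, n, &sh) ? -1 : sh.session_id_len;
}

int main(void)
{
    printf("%d %d %d\n", parse_constructed(32, 32),
           parse_constructed(200, 200), parse_constructed(32, 4));
    return 0;
}
```

`parse_constructed` returns the stored session-ID length when the message is accepted and -1 when either check rejects it.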

Cause

Multiple GnuTLS-related security vulnerabilities.