ALAS-2012-059


Amazon Linux AMI Security Advisory: ALAS-2012-59
Advisory Release Date: 2014-09-14 15:44 Pacific
Severity: Important

Issue Overview:

A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573 )

A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128 )


Affected Packages:

gnutls


Issue Correction:
Run yum update gnutls to update your system.

New Packages:
i686:
    gnutls-debuginfo-2.8.5-4.6.amzn1.i686
    gnutls-guile-2.8.5-4.6.amzn1.i686
    gnutls-utils-2.8.5-4.6.amzn1.i686
    gnutls-devel-2.8.5-4.6.amzn1.i686
    gnutls-2.8.5-4.6.amzn1.i686

src:
    gnutls-2.8.5-4.6.amzn1.src

x86_64:
    gnutls-2.8.5-4.6.amzn1.x86_64
    gnutls-guile-2.8.5-4.6.amzn1.x86_64
    gnutls-devel-2.8.5-4.6.amzn1.x86_64
    gnutls-utils-2.8.5-4.6.amzn1.x86_64
    gnutls-debuginfo-2.8.5-4.6.amzn1.x86_64