RHSA-2014:0594 - Security Advisory

Synopsis: gnutls security update
Type/Severity: Important
Topic: Updated gnutls packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

Description:
- A flaw in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake (CVE-2014-3466)
- Incorrect length reported by asn1_get_bit_der() function in libtasn1 (CVE-2014-3468)
- Multiple boundary check issues in libtasn1 (CVE-2014-3467)
- NULL pointer dereference in libtasn1's asn1_read_value() function (CVE-2014-3469)

Affected Products:
- Red Hat Enterprise Linux 5 (various architectures and editions)

Fixes:
- BZ - 1101932 - CVE-2014-3466: insufficient session id length check in _gnutls_read_server_hello
- BZ - 1102022 - CVE-2014-3467: libtasn1: multiple boundary check issues
- BZ - 1102323 - CVE-2014-3468: libtasn1: asn1_get_bit_der() can return negative bit length
- BZ - 1102329 - CVE-2014-3469: libtasn1: asn1_read_value_type() NULL pointer dereference

CVEs:
- CVE-2014-3466
- CVE-2014-3467
- CVE-2014-3468
- CVE-2014-3469

References:
- Security Updates Classification
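
The session ID length check named in BZ 1101932, shown as an added example: this is not GnuTLS source code, and the struct, function names and sample builder are hypothetical. It assumes the standard TLS ServerHello layout (2-byte version, 32-byte random, 1-byte session ID length, session ID of at most 32 bytes, 2-byte cipher suite, 1-byte compression method).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_RANDOM_SIZE    32
#define TLS_MAX_SESSION_ID 32 /* SessionID is opaque<0..32> in TLS */

struct server_hello { /* hypothetical type for this example */
    uint8_t version[2], random[TLS_RANDOM_SIZE];
    uint8_t session_id[TLS_MAX_SESSION_ID], session_id_len;
    uint8_t cipher_suite[2], compression;
};

/* Parse the fixed part of a ServerHello body. Returns 0, or -1 if malformed. */
int parse_server_hello(const uint8_t *buf, size_t len, struct server_hello *out)
{
    size_t pos = 0;
    if (!buf || !out || len < 2 + TLS_RANDOM_SIZE + 1)
        return -1; /* version + random + length byte must be present */
    memcpy(out->version, buf, 2);
    pos += 2;
    memcpy(out->random, buf + pos, TLS_RANDOM_SIZE);
    pos += TLS_RANDOM_SIZE;
    uint8_t sid_len = buf[pos++];
    /* Check 1: the peer-supplied length must fit the destination buffer. */
    if (sid_len > TLS_MAX_SESSION_ID)
        return -1;
    /* Check 2: the ID, cipher suite (2) and compression (1) must be in the input. */
    if (len - pos < (size_t)sid_len + 3)
        return -1;
    memcpy(out->session_id, buf + pos, sid_len);
    pos += sid_len;
    out->session_id_len = sid_len;
    memcpy(out->cipher_suite, buf + pos, 2);
    out->compression = buf[pos + 2];
    return 0;
}

/* Constructed test input: a ServerHello body whose length byte says `claimed`
 * but which carries `actual` session ID bytes. dst must hold actual + 38 bytes. */
size_t build_server_hello(uint8_t *dst, uint8_t claimed, size_t actual)
{
    size_t n = 0;
    dst[n++] = 0x03; dst[n++] = 0x03;          /* TLS 1.2 */
    memset(dst + n, 0, TLS_RANDOM_SIZE); n += TLS_RANDOM_SIZE;
    dst[n++] = claimed;
    memset(dst + n, 0xAB, actual); n += actual;
    dst[n++] = 0x00; dst[n++] = 0x2F; dst[n++] = 0x00; /* suite, compression */
    return n;
}
```

Both checks are needed: the first bounds the copy against the fixed-size destination, the second bounds it against the bytes actually received.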