From a7794268d7ae27ebd04258024e8cbeec94d3c11d Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: May 30 2014 07:38:54 +0000 Subject: Added fix for CVE-2014-3466. Resolves: #1103046 --- diff --git a/gnutls-3.1.18-cve-2014-3466.patch b/gnutls-3.1.18-cve-2014-3466.patch new file mode 100644 index 0000000..23da09f --- /dev/null +++ b/gnutls-3.1.18-cve-2014-3466.patch @@ -0,0 +1,13 @@ +diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c +index c8bd18b..53c2136 100644 +--- a/lib/gnutls_handshake.c ++++ b/lib/gnutls_handshake.c +@@ -1679,7 +1679,7 @@ _gnutls_read_server_hello (gnutls_session_t session, + DECR_LEN (len, 1); + session_id_len = data[pos++]; + +- if (len < session_id_len) ++ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; diff --git a/gnutls.spec b/gnutls.spec index 3dfd715..1bc654c 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -3,7 +3,7 @@ Summary: A TLS protocol implementation Name: gnutls Version: 3.1.20 -Release: 4%{?dist} +Release: 5%{?dist} # The libraries are LGPLv2.1+, utilities are GPLv3+, however # the bundled gnulib is LGPLv3+ License: GPLv3+ and LGPLv2+ and LGPLv3+ @@ -43,6 +43,7 @@ Patch9: gnutls-3.1.10-tests-rndport.patch Patch10: gnutls-3.1.18-suiteb.patch Patch11: gnutls-3.1.20-v1-fix.patch Patch12: gnutls-3.1.18-cve-2014-0092.patch +Patch13: gnutls-3.1.18-cve-2014-3466.patch # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 Provides: bundled(gnulib) = 20130424 @@ -154,6 +155,7 @@ This package contains Guile bindings for the library. %patch10 -p1 -b .suiteb %patch11 -p1 -b .v1-fix %patch12 -p1 -b .cve-2014-0092 +%patch13 -p1 -b .cve-2014-3466 %{SOURCE2} -e @@ -289,6 +291,9 @@ fi %endif %changelog +* Fri May 30 2014 Nikos Mavrogiannopoulos - 3.1.20-5 +- fixes CVE-2014-3466 (#1103046) + * Thu Feb 27 2014 Nikos Mavrogiannopoulos - 3.1.20-4 - fixes CVE-2014-0092