|Summary:||CVE-2014-3465 gnutls: gnutls_x509_dn_oid_name NULL pointer dereference|
|Product:||[Other] Security Response||Reporter:||Tomas Hoger <thoger>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||carnil, jkurik, jrusnack, nmavrogi, security-response-team|
|Fixed In Version:||gnutls 3.1.20, gnutls 3.2.10||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2014-06-10 12:29:51 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||1102027, 1102028|
Description Tomas Hoger 2014-05-27 19:58:10 UTC
A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs. The issue was corrected upstream using the following commit: https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6 The fix was first included in upstream versions 3.1.20 and 3.2.10: http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7251 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7250 Affected function was introduced in GnuTLS version 3.0: http://gnutls.org/manual/html_node/X509-certificate-API.html#gnutls_005fx509_005fdn_005foid_005fname-1 The gnutls packages in Red Hat Enterprise Linux 6 and earlier include GnuTLS versions 2.x or 1.x and were therefore not affected by this issue. The gnutls and mingw-gnutls packages in Fedora are already updated to the fixed upstream version.
Comment 1 Tomas Hoger 2014-05-27 20:00:00 UTC
Statement: This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4, 5, and 6.
Comment 3 Tomas Hoger 2014-05-29 11:41:33 UTC
Acknowledgment: Red Hat would like to thank GnuTLS upstream for reporting this issue.