Bug 805432 - (CVE-2012-1573) CVE-2012-1573 gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)
CVE-2012-1573 gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20120321,repo...
: Security
Depends On: 805074 805075 805078 805079 805438 805439 805440 805441 841165 1063396
Blocks: 804921
  Show dependency treegraph
 
Reported: 2012-03-21 05:49 EDT by Stefan Cornelius
Modified: 2016-02-15 08:50 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-03-14 05:45:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Local copy of the Mu Dynamics advisory text (15.53 KB, text/plain)
2013-03-19 05:29 EDT, Tomas Hoger
no flags Details

  None (edit)
Description Stefan Cornelius 2012-03-21 05:49:29 EDT
GnuTLS 3.0.15 was released fixing the following issue:

** libgnutls: Corrections in record packet parsing.
Reported by Matthew Hall.
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912

Patch for 2.x:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=422214868061370aeeb0ac9cd0f021a5c350a57d

Patch for 3.x:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=b495740f2ff66550ca9395b3fda3ea32c3acb185
Comment 3 Stefan Cornelius 2012-03-21 06:10:25 EDT
Created gnutls tracking bugs for this issue

Affects: fedora-all [bug 805440]
Comment 4 Stefan Cornelius 2012-03-21 06:10:29 EDT
Created mingw32-gnutls tracking bugs for this issue

Affects: fedora-all [bug 805441]
Comment 6 Stefan Cornelius 2012-03-23 09:08:20 EDT
Acknowledgements:

Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue.
Comment 9 errata-xmlrpc 2012-03-27 18:56:58 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0429 https://rhn.redhat.com/errata/RHSA-2012-0429.html
Comment 10 errata-xmlrpc 2012-03-27 18:57:20 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0428 https://rhn.redhat.com/errata/RHSA-2012-0428.html
Comment 11 Fedora Update System 2012-04-10 23:49:30 EDT
gnutls-2.10.5-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2012-04-11 13:00:10 EDT
gnutls-2.10.5-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 errata-xmlrpc 2012-04-17 13:54:12 EDT
This issue has been addressed in following products:

  RHEV-H, V2V and Agents for RHEL-5

Via RHSA-2012:0488 https://rhn.redhat.com/errata/RHSA-2012-0488.html
Comment 14 errata-xmlrpc 2012-04-30 13:16:42 EDT
This issue has been addressed in following products:

  RHEV-H and Agents for RHEL-6

Via RHSA-2012:0531 https://rhn.redhat.com/errata/RHSA-2012-0531.html
Comment 15 Murray McAllister 2013-03-06 21:42:40 EST
External Reference:

(none)
Comment 16 Tomas Hoger 2013-03-19 05:29:43 EDT
Created attachment 712480 [details]
Local copy of the Mu Dynamics advisory text

It seem the company got acquired and its main web site is no longer working.

Note You need to log in before you can comment on or make changes to this bug.