Bug 805432 (CVE-2012-1573) - CVE-2012-1573 gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)
Summary: CVE-2012-1573 gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-1573
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 805074 805075 805078 805079 805438 805439 805440 805441 841165 1063396
Blocks: 804921
TreeView+ depends on / blocked
 
Reported: 2012-03-21 09:49 UTC by Stefan Cornelius
Modified: 2019-09-29 12:51 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-14 09:45:14 UTC


Attachments (Terms of Use)
Local copy of the Mu Dynamics advisory text (15.53 KB, text/plain)
2013-03-19 09:29 UTC, Tomas Hoger
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0428 normal SHIPPED_LIVE Important: gnutls security update 2012-03-28 02:54:10 UTC
Red Hat Product Errata RHSA-2012:0429 normal SHIPPED_LIVE Important: gnutls security update 2012-03-28 02:53:57 UTC
Red Hat Product Errata RHSA-2012:0488 normal SHIPPED_LIVE Important: rhev-hypervisor5 security and bug fix update 2012-04-17 21:51:57 UTC
Red Hat Product Errata RHSA-2012:0531 normal SHIPPED_LIVE Important: rhev-hypervisor6 security and bug fix update 2012-04-30 21:13:45 UTC

Description Stefan Cornelius 2012-03-21 09:49:29 UTC
GnuTLS 3.0.15 was released fixing the following issue:

** libgnutls: Corrections in record packet parsing.
Reported by Matthew Hall.
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912

Patch for 2.x:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=422214868061370aeeb0ac9cd0f021a5c350a57d

Patch for 3.x:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=b495740f2ff66550ca9395b3fda3ea32c3acb185

Comment 3 Stefan Cornelius 2012-03-21 10:10:25 UTC
Created gnutls tracking bugs for this issue

Affects: fedora-all [bug 805440]

Comment 4 Stefan Cornelius 2012-03-21 10:10:29 UTC
Created mingw32-gnutls tracking bugs for this issue

Affects: fedora-all [bug 805441]

Comment 6 Stefan Cornelius 2012-03-23 13:08:20 UTC
Acknowledgements:

Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue.

Comment 9 errata-xmlrpc 2012-03-27 22:56:58 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0429 https://rhn.redhat.com/errata/RHSA-2012-0429.html

Comment 10 errata-xmlrpc 2012-03-27 22:57:20 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0428 https://rhn.redhat.com/errata/RHSA-2012-0428.html

Comment 11 Fedora Update System 2012-04-11 03:49:30 UTC
gnutls-2.10.5-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2012-04-11 17:00:10 UTC
gnutls-2.10.5-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 errata-xmlrpc 2012-04-17 17:54:12 UTC
This issue has been addressed in following products:

  RHEV-H, V2V and Agents for RHEL-5

Via RHSA-2012:0488 https://rhn.redhat.com/errata/RHSA-2012-0488.html

Comment 14 errata-xmlrpc 2012-04-30 17:16:42 UTC
This issue has been addressed in following products:

  RHEV-H and Agents for RHEL-6

Via RHSA-2012:0531 https://rhn.redhat.com/errata/RHSA-2012-0531.html

Comment 15 Murray McAllister 2013-03-07 02:42:40 UTC
External Reference:

(none)

Comment 16 Tomas Hoger 2013-03-19 09:29:43 UTC
Created attachment 712480 [details]
Local copy of the Mu Dynamics advisory text

It seem the company got acquired and its main web site is no longer working.


Note You need to log in before you can comment on or make changes to this bug.