Fix crash in cipher padding decoding for invalid record lengths. The crash can be triggered remotely before authentication, which can lead to a Daniel of Service attack to disable the server. The bug cause gnutls to read memory beyond the end of the received record.
Upstream announcements: http://www.gnu.org/software/gnutls/security.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00051.html http://lists.gnu.org/archive/html/gnutls-devel/2008-05/msg00060.html CERT-FI advisory: https://www.cert.fi/haavoittuvuudet/advisory-gnutls.html Upstream patches: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=bc8102405fda11ea00ca3b42acc4f4bce9d6e97b http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=d223040e498bd50a4b9e0aa493e78587ae1ed653
gnutls-2.0.4-3.fc9 has been submitted as an update for Fedora 9
gnutls-1.6.3-3.fc7 has been submitted as an update for Fedora 7
gnutls-1.6.3-3.fc8 has been submitted as an update for Fedora 8
gnutls-1.6.3-3.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
gnutls-2.0.4-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
gnutls-1.6.3-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0489.html http://rhn.redhat.com/errata/RHSA-2008-0492.html Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-4274 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-4183 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-4259