gnutls heartbleed equivalent?

Doug Barton dougb at dougbarton.us
Tue Jun 3 01:32:21 CEST 2014


I'm noticing this in today's Ubuntu updates:

SECURITY UPDATE: memory corruption due to server hello parsing
- debian/patches/CVE-2014-3466.patch: validate session_id_len in
  lib/gnutls_handshake.c

I haven't looked at the code, and the CVE referenced is simply reserved, 
not populated yet. But that description sounds like it's at best a very 
close cousin to our friend heartbleed ...

curious,

Doug



More information about the Gnupg-users mailing list