An update that fixes 5 vulnerabilities is now available.
Description:
GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally three issues inherited from libtasn1 have been fixed.
* Possible memory corruption during connect (CVE-2014-3466) * Multiple boundary check issues could allow DoS (CVE-2014-3467) * asn1_get_bit_der() can return negative bit length (CVE-2014-3468) * Possible DoS by NULL pointer dereference (CVE-2014-3469) * Possible timing side-channel attack (Lucky 13) (CVE-2013-1619)