Scientific Linux Security Update : gnutls on SL6.x i386/x86_64
Medium Nessus Plugin ID 74306
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code. (CVE-2014-3466)
For the update to take effect, all applications linked to the GnuTLS library must be restarted.
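The kind of length check whose absence the description points to, as an added example (not GnuTLS code and not part of the advisory): a ServerHello session ID parser that rejects any length above the 32-byte maximum TLS allows (RFC 5246) before copying. All function and constant names are hypothetical, and the sample message bodies are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_MAX_SESSION_ID 32   /* RFC 5246: opaque SessionID<0..32> */
#define HELLO_FIXED_LEN    35   /* version(2) + random(32) + length byte(1) */

enum { SID_OK = 0, SID_TRUNCATED = -1, SID_TOO_LONG = -2 };

/* Copy the session ID out of a ServerHello body (the bytes after the
 * 4-byte handshake header). out must hold TLS_MAX_SESSION_ID bytes. */
int parse_session_id(const uint8_t *body, size_t body_len,
                     uint8_t out[TLS_MAX_SESSION_ID], size_t *out_len)
{
    if (body_len < HELLO_FIXED_LEN)
        return SID_TRUNCATED;
    size_t sid_len = body[HELLO_FIXED_LEN - 1];
    /* The length byte comes from the server (0..255): compare it with
     * the protocol maximum before it is ever used as a copy size. */
    if (sid_len > TLS_MAX_SESSION_ID)
        return SID_TOO_LONG;
    /* The ID, cipher suite (2) and compression method (1) must be present. */
    if (body_len - HELLO_FIXED_LEN < sid_len + 3)
        return SID_TRUNCATED;
    memcpy(out, body + HELLO_FIXED_LEN, sid_len);
    *out_len = sid_len;
    return SID_OK;
}

/* Constructed sample: a zero-filled TLS 1.2 ServerHello body of body_len
 * bytes whose length byte is `claimed`; returns the parser's verdict. */
int check_sample(uint8_t claimed, size_t body_len)
{
    uint8_t body[512] = {0x03, 0x03};
    uint8_t sid[TLS_MAX_SESSION_ID];
    size_t sid_len = 0;
    if (body_len > sizeof body)
        return SID_TRUNCATED;
    body[HELLO_FIXED_LEN - 1] = claimed;
    return parse_session_id(body, body_len, sid, &sid_len);
}

int main(void)
{
    printf("32-byte id:  %d\n", check_sample(32, HELLO_FIXED_LEN + 32 + 3));
    printf("200-byte id: %d\n", check_sample(200, HELLO_FIXED_LEN + 200 + 3));
    return 0;
}
```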
Solution
Update the affected packages.