Mandriva Linux Security Advisory : gnutls (MDVSA-2014:215)
Medium Nessus Plugin ID 79347
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated gnutls package fix security vulnerability :
An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application (CVE-2014-8564).
SolutionUpdate the affected packages.