- Under certain circumstances, a NULL pointer could have been dereferenced in the GnuTLS library. This caused TLS clients, such as the rsyslog utility, to terminate unexpectedly with a segmentation fault. This update adds a test condition ensuring that a NULL pointer can no longer be dereferenced and TLS clients no longer crash.
- The gnutls packages reported wrong distinguished names (DNs) for chain CA certificates used for the client authentication; the issuer DN was reported instead of the subject DN. As a consequence, the TLS clients were not able to provide a client certificate signed by a chain CA certificate when connecting to a gnutls TLS server. The underlying source code has been modified and gnutls now reports the right DN and the TLS clients work as expected in the described scenario.
- Previously, in the certool utility was a missing check used for an empty string when a challenge password was entered. Consequently, certificate requests generated by certtool were sometimes invalid when an empty challenge password was used. This missing empty-string check has been added and now the certtool's certificate requests are valid even if the challenge password is not entered.
- Under certain circumstances, a null pointer could be dereferenced in the GnuTLS library. This caused TLS clients, such as the rsyslog utility, to terminate unexpectedly with a segmentation fault. This update adds a test condition ensuring that null pointers can no longer be dereferenced and TLS clients no longer crash.
- A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer.
- A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash.
- A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.