PDA

View Full Version : gnutls CVE-2014-3466



creej
04-Jun-2014, 16:14
Will there be a patched version of gnutls through online update for CVE-2014-3466 or should I patch manually?

Thanks,

Jeff

smflood
04-Jun-2014, 17:39
On 04/06/2014 16:24, creej wrote:

> Will there be a patched version of gnutls through online update for
> CVE-2014-3466 or should I patch manually?

Since you have asked in a forum related to SUSE Linux Enterprise Server
(SLES) which version(s) of SLES are you using?

HTH.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

creej
04-Jun-2014, 18:02
On 04/06/2014 16:24, creej wrote:

> Will there be a patched version of gnutls through online update for
> CVE-2014-3466 or should I patch manually?

Since you have asked in a forum related to SUSE Linux Enterprise Server
(SLES) which version(s) of SLES are you using?

HTH.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

Which versions you got? :-)

Pretty much everything from SLES 9 SP3 to SLES 11 SP3.

Jeff

mikewillis
04-Jun-2014, 19:38
Patches for some products are certainly imminent:
http://support.novell.com/security/cve/CVE-2014-3466.html
I don't know which versions of SLES contain versions of gnutls that are affected.

smflood
05-Jun-2014, 11:19
On 04/06/2014 18:04, creej wrote:

> Which versions you got? :-)
>
> Pretty much everything from SLES 9 SP3 to SLES 11 SP3.

Patched versions for SLES11 SP3 would appear to now be available via the
Updates repo and possibly for download via Patch Finder (but that
currently seems to be broken which I've reported).

For earlier versions of SLES you'll either need to upgrade to SLES11 SP3
or compile your own patched versions since versions of SLES earlier than
SLES11 SP3 are no longer supported unless you've signed up to Long Term
Service Pack Support.

HTH.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

creej
05-Jun-2014, 20:05
Thanks guys!