gnutls/gnutls-3.8.10-1817-security-parameters.patch
Alexander Sosedkin b0f3d6f1b7 Fix 3.8.13 CVEs and security issues, update Makefile.in
- Fix CVE-2026-33846
- Fix CVE-2026-42009
- Fix CVE-2026-33845
- Fix CVE-2026-42010
- Fix CVE-2026-3833
- Fix CVE-2026-42011
- Fix CVE-2026-42012
- Fix CVE-2026-42013
- Fix CVE-2026-42014
- Fix CVE-2026-5260
- Fix CVE-2026-42015
- Fix CVE-2026-3832
- Fix CVE-2026-5419
- Fix upstream security issue #1808
- Fix upstream security issue #1810
- Fix upstream security issue #1813
- Fix upstream security issue #1818
- Fix upstream security issue #1818
- Fix upstream security issue #1819
- Fix upstream security issue #1822
- Fix upstream security issue #1841
- Fix upstream security issue #1823
- Fix upstream security issue #1817
- Fix upstream security issue #1820
- gnutls-3.8.10-CVE-2025-9820.patch: update Makefile.in

Resolves: RHEL-159043
Resolves: RHEL-159038
Resolves: RHEL-154315
2026-04-30 09:28:27 +02:00


From 3d45a63b16f64ac53abe9f1a02135e8daf1020f8 Mon Sep 17 00:00:00 2001
From: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue, 7 Apr 2026 10:16:03 +0200
Subject: [PATCH] session_pack: validate session_id_size on unpacking

A check for session_id_size not exceeding GNUTLS_MAX_SESSION_ID_SIZE
on loading persisted TLS session data was overlooked,
leading to a heap overflow
were the data corrupted in a malicious manner.

Reported-by: Haruto Kimura (Stella)
Fixes: #1817
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
---
lib/session_pack.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/session_pack.c b/lib/session_pack.c
index bd1ce3361..6c1d98270 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -973,6 +973,10 @@ static int unpack_security_parameters(gnutls_session_t session,
&session->internals.resumed_security_parameters.session_id_size,
1);
+ if (session->internals.resumed_security_parameters.session_id_size >
+ GNUTLS_MAX_SESSION_ID_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
BUFFER_POP(
ps, session->internals.resumed_security_parameters.session_id,
session->internals.resumed_security_parameters.session_id_size);
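Review bot: the added bound check ahead of the session_id BUFFER_POP exits with a bare `return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, and the hunk does not show how a failing BUFFER_POP leaves unpack_security_parameters. If the macro jumps to a cleanup label rather than returning, this check should take the same path so both failure cases unwind identically. Separately, the diffstat lists only lib/session_pack.c, so nothing exercises the new branch. A regression test that unpacks session data whose session_id_size exceeds GNUTLS_MAX_SESSION_ID_SIZE and expects the error would keep the check from being lost in a later refactor.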
--
2.53.0