GnuTLS Security update for Novell Open Enterprise Server 2 SP3.

  • 7015302
  • 01-Jul-2014
  • 01-Jul-2014


SUSE Linux Enterprise Server 10 Service Pack 4 (SLES 10 SP4)
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3


SUSE Linux Enterprise Server 10 SP4 General support has ended on 31 July 2013.
Novell Open Enterprise Server 2 SP3 General support has ended on  31 July 2013.

A number of GnuTLS related Security Vulnerabilities were reported.

Due to the current extended support status for Novell Open Enterprise Server 2 SP3, the Novell and SUSE teams have closely collaborated to make these fix available for Novell OES2 SP3 customers.


The oes2sp3-gnutls-8896 patch containing the mentioned fixes for SLES 10 SP4 is released through the public OES2 SP3 patch repositories on 30 June 2014.

GnuTLS has been patched to ensure proper parsing of session ids during the TLS/SSL handshake. Additionally three issues inherited from libtasn1 have been fixed.

Further information is available at

These security issues have been fixed:

  • Possible memory corruption during connect (CVE-2014-3466)
  • Multiple boundary check issues could allow DoS (CVE-2014-3467)
  • asn1_get_bit_der() can return negative bit length (CVE-2014-3468)
  • Possible DoS by NULL pointer dereference (CVE-2014-3469)

Security Issues:


Multiple GnuTLS related security vulnerabilities.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.