CVE-2008-1948

Name of the Vulnerable Software and Affected Versions GnuTLS versions prior to 2.2.4 GnuTLS versions prior to 2.2.5

Description The issue affects the gnutls package in various Linux distributions, including openSUSE and SUSE Linux Enterprise, allowing remote attackers to exploit multiple vulnerabilities and potentially disrupt the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely. A specific function, gnutls server name recv params, does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message, leading to a potential buffer overflow in session resumption data.

Recommendations For versions prior to 2.2.4, update to version 2.2.4 or later. For versions prior to 2.2.5, update to version 2.2.5 or later. As a temporary workaround, consider restricting access to the vulnerable gnutls package until a patch is available.