{"id":"MGASA-2014-0458","summary":"Updated gnutls package fix security vulnerability","details":"An out-of-bounds memory write flaw was found in the way GnuTLS parsed\ncertain ECC (Elliptic Curve Cryptography) certificates or certificate\nsigning requests (CSR). A malicious user could create a specially crafted\nECC certificate or a certificate signing request that, when processed by an\napplication compiled against GnuTLS (for example, certtool), could cause\nthat application to crash or execute arbitrary code with the permissions of\nthe user running the application (CVE-2014-8564).\n","modified":"2026-04-16T06:23:49.901722290Z","published":"2014-11-15T18:31:46Z","upstream":["CVE-2014-8564"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0458.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14527"},{"type":"WEB","url":"http://www.gnutls.org/security.html#GNUTLS-SA-2014-5"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2014-1846.html"}],"affected":[{"package":{"name":"gnutls","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/gnutls?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.16-1.4.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0458.json"}},{"package":{"name":"gnutls","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/gnutls?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.7-1.4.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0458.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}