CVE-2016-7444

Related Files

Red Hat Security Advisory 2017-2292-01

Posted Aug 1, 2017

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2292-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls. Security Fix: A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash.

tags | advisory, protocol

systems | linux, redhat

advisories | CVE-2016-7444, CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7507, CVE-2017-7869

SHA-256 | c3486f3faa819e7510a3c9b084abd586ba71538517de37cd25648d051b4640f1

Download | Favorite | View

Ubuntu Security Notice USN-3183-2

Posted Mar 20, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3183-2 - USN-3183-1 fixedCVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2016-7444, CVE-2016-8610, CVE-2017-5334

SHA-256 | c20be476843f82dbeef2f80230bbcaa5a17fdb8eea114d74c07fde2da3274f09

Download | Favorite | View

Ubuntu Security Notice USN-3183-1

Posted Feb 2, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3183-1 - Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2016-7444, CVE-2016-8610, CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337

SHA-256 | 035914142c4ddafee94b71aaabdb111a04a8be64edf6d0cf13cb9129c4828f7b

Download | Favorite | View