Gentoo Linux Security Advisory 201710-15 - A null pointer dereference in GnuTLS might allow attackers to cause a Denial of Service condition. Versions less than 3.5.13 are affected.
dc316e44c0b32de61fc10a02b2052b8f20b1341351d338cc9fd277321c0d3a54Red Hat Security Advisory 2017-2292-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls. Security Fix: A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash.
c3486f3faa819e7510a3c9b084abd586ba71538517de37cd25648d051b4640f1Ubuntu Security Notice 3318-1 - Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
f4e9fbd06d58a6ad8959c75b013549926e1c4b169913ee8756ac561f05417da0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed