Описание
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gnutls28 | fixed | 3.8.4-1 | experimental | package |
| gnutls28 | fixed | 3.8.4-2 | package | |
| gnutls28 | fixed | 3.7.9-2+deb12u3 | bookworm | package |
| gnutls28 | not-affected | buster | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2269084
https://gitlab.com/gnutls/gnutls/-/issues/1525
https://gitlab.com/gnutls/gnutls/-/issues/1527
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
https://www.gnutls.org/security-new.html#GNUTLS-SA-2024-01-23
Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/e369e67a62f44561d417cb233acc566cc696d82d (3.8.4)
Introduced with: https://gitlab.com/gnutls/gnutls/-/commit/d268f19510a95f92d11d8f8dc7d94fcae4d765cc (3.7.0)
Связанные уязвимости
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.