Description
ELSA-2017-2292: gnutls security, bug fix, and enhancement update (MODERATE)
[3.3.26-9]
- Address crash in OCSP status request extension, by eliminating the unneeded parsing (CVE-2017-7507, #1455828)
[3.3.26-7]
- Address interoperability issue with 3.5.x (#1388932)
- Reject CAs which are both trusted and blacklisted in trust module (#1375303)
- Added new functions to set issuer and subject ID in certificates (#1378373)
- Reject connections with less than 1024-bit DH parameters (#1335931)
- Fix issue that made GnuTLS parse only the first 32 extensions (#1383748)
- Mention limitations of certtool in manpage (#1375463)
- Read PKCS#8 files with HMAC-SHA256, as generated by openssl 1.1 (#1380642)
- Do not link directly to trousers but instead use dlopen (#1379739)
- Fix incorrect OCSP validation (#1377569)
- Added support for pin-value in PKCS#11 URIs (#1379283)
- Added the --id option to p11tool (#1399232)
- Improved sanity checks in RSA key generation (#1444780)
- Addressed CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869
Updated packages
Oracle Linux 7
Oracle Linux aarch64
- gnutls 3.3.26-9.el7
- gnutls-c++ 3.3.26-9.el7
- gnutls-dane 3.3.26-9.el7
- gnutls-devel 3.3.26-9.el7
- gnutls-utils 3.3.26-9.el7
Oracle Linux x86_64
- gnutls 3.3.26-9.el7
- gnutls-c++ 3.3.26-9.el7
- gnutls-dane 3.3.26-9.el7
- gnutls-devel 3.3.26-9.el7
- gnutls-utils 3.3.26-9.el7
Source links
Related vulnerabilities
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.