Description
Security update for gnutls
This update for gnutls fixes the following issues:
- GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398)
- GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173)
- Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337)
Package list
SUSE Linux Enterprise Desktop 12 SP2
gnutls-3.2.15-18.3.1
libgnutls28-3.2.15-18.3.1
libgnutls28-32bit-3.2.15-18.3.1
SUSE Linux Enterprise Server 12 SP2
gnutls-3.2.15-18.3.1
libgnutls-openssl27-3.2.15-18.3.1
libgnutls28-3.2.15-18.3.1
libgnutls28-32bit-3.2.15-18.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
gnutls-3.2.15-18.3.1
libgnutls-openssl27-3.2.15-18.3.1
libgnutls28-3.2.15-18.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
gnutls-3.2.15-18.3.1
libgnutls-openssl27-3.2.15-18.3.1
libgnutls28-3.2.15-18.3.1
libgnutls28-32bit-3.2.15-18.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libgnutls-devel-3.2.15-18.3.1
libgnutls-openssl-devel-3.2.15-18.3.1
libgnutlsxx-devel-3.2.15-18.3.1
libgnutlsxx28-3.2.15-18.3.1
References
- Link for SUSE-SU-2017:1838-1
- E-Mail link for SUSE-SU-2017:1838-1
- SUSE Security Ratings
- SUSE Bug 1034173
- SUSE Bug 1038337
- SUSE Bug 1043398
- SUSE CVE CVE-2017-7507 page
- SUSE CVE CVE-2017-7869 page
Description
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:gnutls-3.2.15-18.3.1
SUSE Linux Enterprise Desktop 12 SP2:libgnutls28-3.2.15-18.3.1
SUSE Linux Enterprise Desktop 12 SP2:libgnutls28-32bit-3.2.15-18.3.1
SUSE Linux Enterprise Server 12 SP2:gnutls-3.2.15-18.3.1
References
- CVE-2017-7507
- SUSE Bug 1043398
Description
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:gnutls-3.2.15-18.3.1
SUSE Linux Enterprise Desktop 12 SP2:libgnutls28-3.2.15-18.3.1
SUSE Linux Enterprise Desktop 12 SP2:libgnutls28-32bit-3.2.15-18.3.1
SUSE Linux Enterprise Server 12 SP2:gnutls-3.2.15-18.3.1
References
- CVE-2017-7869
- SUSE Bug 1034173
- SUSE Bug 1038337
- SUSE Bug 1049210
- SUSE Bug 1149679