Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:0386-1

Опубликовано: 04 фев. 2017
Источник: suse-cvrf

Описание

Security update for gnutls

This update for gnutls fixes the following security issues:

  • GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates (GNUTLS-SA-2017-2, bsc#1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336)
  • GnuTLS could have falsely accepted certificates when using OCSP (GNUTLS-SA-2016-3, bsc#999646, CVE-2016-7444)
  • GnuTLS could have suffered from 100% CPU load DoS attacks by using SSL alert packets during the handshake (bsc#1005879, CVE-2016-8610)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1
gnutls-3.2.15-9.1
libgnutls-devel-3.2.15-9.1
libgnutls-devel-32bit-3.2.15-9.1
libgnutls-openssl-devel-3.2.15-9.1
libgnutls-openssl27-3.2.15-9.1
libgnutls28-3.2.15-9.1
libgnutls28-32bit-3.2.15-9.1
libgnutlsxx-devel-3.2.15-9.1
libgnutlsxx28-3.2.15-9.1
openSUSE Leap 42.2
gnutls-3.2.15-9.1
libgnutls-devel-3.2.15-9.1
libgnutls-devel-32bit-3.2.15-9.1
libgnutls-openssl-devel-3.2.15-9.1
libgnutls-openssl27-3.2.15-9.1
libgnutls28-3.2.15-9.1
libgnutls28-32bit-3.2.15-9.1
libgnutlsxx-devel-3.2.15-9.1
libgnutlsxx28-3.2.15-9.1

Ссылки

Описание

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

Затронутые продукты
openSUSE Leap 42.1:gnutls-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-devel-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-devel-32bit-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-openssl-devel-3.2.15-9.1
Ссылки

Описание

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Затронутые продукты
openSUSE Leap 42.1:gnutls-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-devel-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-devel-32bit-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-openssl-devel-3.2.15-9.1
Ссылки

Описание

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

Затронутые продукты
openSUSE Leap 42.1:gnutls-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-devel-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-devel-32bit-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-openssl-devel-3.2.15-9.1
Ссылки

Описание

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.

Затронутые продукты
openSUSE Leap 42.1:gnutls-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-devel-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-devel-32bit-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-openssl-devel-3.2.15-9.1
Ссылки

Описание

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

Затронутые продукты
openSUSE Leap 42.1:gnutls-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-devel-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-devel-32bit-3.2.15-9.1
openSUSE Leap 42.1:libgnutls-openssl-devel-3.2.15-9.1
Ссылки