Description
Security update for gnutls
This update for gnutls fixes the following issues:
- GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398)
- GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173)
- Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337)
This update was imported from the SUSE:SLE-12:Update update project.
Package list
openSUSE Leap 42.2
gnutls-3.2.15-11.3.1
libgnutls-devel-3.2.15-11.3.1
libgnutls-devel-32bit-3.2.15-11.3.1
libgnutls-openssl-devel-3.2.15-11.3.1
libgnutls-openssl27-3.2.15-11.3.1
libgnutls28-3.2.15-11.3.1
libgnutls28-32bit-3.2.15-11.3.1
libgnutlsxx-devel-3.2.15-11.3.1
libgnutlsxx28-3.2.15-11.3.1
References
- E-Mail link for openSUSE-SU-2017:1875-1
- SUSE Security Ratings
Description
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
Affected products
openSUSE Leap 42.2:gnutls-3.2.15-11.3.1
openSUSE Leap 42.2:libgnutls-devel-3.2.15-11.3.1
openSUSE Leap 42.2:libgnutls-devel-32bit-3.2.15-11.3.1
openSUSE Leap 42.2:libgnutls-openssl-devel-3.2.15-11.3.1
References
- CVE-2017-7507
- SUSE Bug 1043398
Description
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
Affected products
openSUSE Leap 42.2:gnutls-3.2.15-11.3.1
openSUSE Leap 42.2:libgnutls-devel-3.2.15-11.3.1
openSUSE Leap 42.2:libgnutls-devel-32bit-3.2.15-11.3.1
openSUSE Leap 42.2:libgnutls-openssl-devel-3.2.15-11.3.1
References
- CVE-2017-7869
- SUSE Bug 1034173
- SUSE Bug 1038337
- SUSE Bug 1149679