First published: Tue Jan 10 2017(Updated: )
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
Credit: security@debian.org security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/gnutls | <3.3.26 | 3.3.26 |
redhat/gnutls | <3.5.8 | 3.5.8 |
openSUSE Leap | =42.1 | |
openSUSE Leap | =42.2 | |
GNU GnuTLS | <=3.3.25 | |
GNU GnuTLS | =3.5.0 | |
GNU GnuTLS | =3.5.1 | |
GNU GnuTLS | =3.5.2 | |
GNU GnuTLS | =3.5.3 | |
GNU GnuTLS | =3.5.4 | |
GNU GnuTLS | =3.5.5 | |
GNU GnuTLS | =3.5.6 | |
GNU GnuTLS | =3.5.7 | |
debian/gnutls28 | 3.7.1-5+deb11u5 3.7.1-5+deb11u6 3.7.9-2+deb12u3 3.8.8-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.