First published: Wed Jan 11 2017(Updated: )
A vulnerability was found in gnutls. There was an insufficient error checking in the stream reading functions. While parsing a maliciously crafted OpenPGP certificate an out of memory error could occur. References: <a href="http://seclists.org/oss-sec/2017/q1/51">http://seclists.org/oss-sec/2017/q1/51</a> <a href="https://gnutls.org/security.html#GNUTLS-SA-2017-2">https://gnutls.org/security.html#GNUTLS-SA-2017-2</a> Upstream patch: <a href="https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a">https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a</a>
Credit: security@debian.org security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/gnutls | <3.3.26 | 3.3.26 |
redhat/gnutls | <3.5.8 | 3.5.8 |
openSUSE Leap | =42.1 | |
openSUSE Leap | =42.2 | |
GNU GnuTLS | <=3.3.25 | |
GNU GnuTLS | =3.5.0 | |
GNU GnuTLS | =3.5.1 | |
GNU GnuTLS | =3.5.2 | |
GNU GnuTLS | =3.5.3 | |
GNU GnuTLS | =3.5.4 | |
GNU GnuTLS | =3.5.5 | |
GNU GnuTLS | =3.5.6 | |
GNU GnuTLS | =3.5.7 | |
debian/gnutls28 | 3.7.1-5+deb11u5 3.7.1-5+deb11u6 3.7.9-2+deb12u3 3.8.8-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.