First published: Wed Jan 11 2017(Updated: )
A vulnerability was found in gnutls. A stack overflow could occur in opencdk in the cdk_pk_get_keyid function. A memory corruption could occur when parsing a maliciously crafted OpenPGP certificate. References: <a href="http://seclists.org/oss-sec/2017/q1/51">http://seclists.org/oss-sec/2017/q1/51</a> <a href="https://gnutls.org/security.html#GNUTLS-SA-2017-2">https://gnutls.org/security.html#GNUTLS-SA-2017-2</a> Upstream patch: <a href="https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732">https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732</a>
Credit: security@debian.org security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/gnutls | <3.3.26 | 3.3.26 |
redhat/gnutls | <3.5.8 | 3.5.8 |
openSUSE Leap | =42.1 | |
openSUSE Leap | =42.2 | |
GNU GnuTLS | <=3.3.25 | |
GNU GnuTLS | =3.5.0 | |
GNU GnuTLS | =3.5.1 | |
GNU GnuTLS | =3.5.2 | |
GNU GnuTLS | =3.5.3 | |
GNU GnuTLS | =3.5.4 | |
GNU GnuTLS | =3.5.5 | |
GNU GnuTLS | =3.5.6 | |
GNU GnuTLS | =3.5.7 | |
debian/gnutls28 | 3.7.1-5+deb11u5 3.7.1-5+deb11u6 3.7.9-2+deb12u3 3.8.8-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.