First published: Tue Jan 10 2017(Updated: )
A vulnerability was found in gnutls. A heap read overflow could occur while parsing maliciously crafted OpenPGP certificate. References: <a href="http://seclists.org/oss-sec/2017/q1/51">http://seclists.org/oss-sec/2017/q1/51</a> <a href="https://gnutls.org/security.html#GNUTLS-SA-2017-2">https://gnutls.org/security.html#GNUTLS-SA-2017-2</a> Upstream patch: <a href="https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a">https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a</a>
Credit: security@debian.org security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/gnutls | <3.3.26 | 3.3.26 |
redhat/gnutls | <3.5.8 | 3.5.8 |
openSUSE Leap | =42.1 | |
openSUSE Leap | =42.2 | |
GNU GnuTLS | <=3.3.25 | |
GNU GnuTLS | =3.5.0 | |
GNU GnuTLS | =3.5.1 | |
GNU GnuTLS | =3.5.2 | |
GNU GnuTLS | =3.5.3 | |
GNU GnuTLS | =3.5.4 | |
GNU GnuTLS | =3.5.5 | |
GNU GnuTLS | =3.5.6 | |
GNU GnuTLS | =3.5.7 | |
debian/gnutls28 | 3.7.1-5+deb11u5 3.7.1-5+deb11u6 3.7.9-2+deb12u3 3.8.8-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.