{ "schema_version": "1.6.2", "id": "MGASA-2015-0322", "published": "2015-08-25T18:17:48Z", "modified": "2015-08-25T18:02:24Z", "summary": "Updated gnutls packages fix security vulnerabilities", "details": "It was reported that GnuTLS does not check whether the two signature\nalgorithms match on certificate import (CVE-2015-0294).\n\nKurt Roeckx discovered that decoding a specific certificate with very long\nDistinguishedName (DN) entries leads to double free. A remote attacker can\ntake advantage of this flaw by creating a specially crafted certificate that,\nwhen processed by an application compiled against GnuTLS, could cause the\napplication to crash resulting in a denial of service (CVE-2015-6251).\n", "related": [ "CVE-2015-0294", "CVE-2015-6251" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2015-0322.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=15504" }, { "type": "REPORT", "url": "https://www.debian.org/security/2015/dsa-3191" }, { "type": "REPORT", "url": "https://www.debian.org/security/2015/dsa-3334" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "gnutls", "purl": "pkg:rpm/mageia/gnutls?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.2.7-1.7.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:5", "name": "gnutls", "purl": "pkg:rpm/mageia/gnutls?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.2.21-1.1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }