Updated gnutls packages fix security vulnerability
Publication date: 20 Feb 2017Modification date: 20 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5334 , CVE-2017-5335 , CVE-2017-5336 , CVE-2017-5337 , CVE-2016-8610
Description
Remote denial of service in SSL alert handling. (CVE-2016-8610)
In gnutls_x509_ext_import_proxy: if the language was set but the policy
wasn't, that could lead to a double free. (CVE-2017-5334)
Decoding a specially crafted OpenPGP certificate could have lead to heap
and stack overflows. (CVE-2017-5335, CVE-2017-5336 and CVE-2017-5337)
References
- https://bugs.mageia.org/show_bug.cgi?id=20099
- https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00063.html
- http://www.gnutls.org/security.html
- http://openwall.com/lists/oss-security/2017/01/11/4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5334
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5335
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5336
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5337
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610
SRPMS
5/core
- gnutls-3.2.21-1.3.mga5