MGASA-2017-0212

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0212.html

Import Source

https://advisories.mageia.org/MGASA-2017-0212.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0212

Related

Published

2017-07-22T09:36:26Z

Modified

2017-07-22T09:23:43Z

Summary

Updated gnutls packages fix security vulnerabilities

Details

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. (CVE-2017-7869)

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. (CVE-2017-7507)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / gnutls

Package

Name: gnutls
Purl: pkg:rpm/mageia/gnutls?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.21-1.4.mga5

Ecosystem specific

{
    "section": "core"
}