gnutls: denial of service

ID ASA-201508-8
Type archlinux
Reporter Arch Linux
Modified 2015-08-25T00:00:00


Kurt Roeckx reported that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free, which may result to a denial of service. Since the DN decoding occurs in almost all applications using certificates it is recommended to upgrade the latest GnuTLS version fixing the issue.