Setuid programs using GnuTLS could allow an attacker to overwrite and
corrupt arbitrary files in the filesystem. The issue was introduced in
GnuTLS 3.4.12, which read the GNUTLS_KEYLOGFILE environment variable
via getenv(), and was fixed in GnuTLS 3.4.13 by switching to
secure_getenv() where available.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
any | any | any | lib32-gnutls | < 3.4.13-1 | UNKNOWN |
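
The difference between the two lookups named above, as an added example (not GnuTLS source code). The function names are hypothetical, and the real-versus-effective ID fallback for platforms without secure_getenv() is an assumption about what "where available" implies, not something the advisory states.

```c
#define _GNU_SOURCE /* exposes secure_getenv() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define KEYLOG_ENV "GNUTLS_KEYLOGFILE"

#ifdef __GLIBC__
/* Repeated prototype: keeps the block compiling if _GNU_SOURCE is set too late. */
extern char *secure_getenv(const char *name);
#endif

/* Lookup as described for 3.4.12: the invoking user's environment is
 * trusted even when the process runs with another user's privileges. */
static const char *keylog_path_getenv(void)
{
    return getenv(KEYLOG_ENV);
}

/* Hypothetical fallback: drop the variable whenever the caller says the
 * process is elevated (assumption, not taken from the advisory). */
static const char *env_unless_elevated(const char *name, int elevated)
{
    return elevated ? NULL : getenv(name);
}

static int running_elevated(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Lookup as described for 3.4.13: secure_getenv() where available. */
static const char *keylog_path_secure(void)
{
#ifdef __GLIBC__
    return secure_getenv(KEYLOG_ENV); /* NULL in secure-execution mode */
#else
    return env_unless_elevated(KEYLOG_ENV, running_elevated());
#endif
}

int main(void)
{
    const char *v = keylog_path_getenv(), *s = keylog_path_secure();
    const char *f = env_unless_elevated(KEYLOG_ENV, 1); /* simulated setuid */
    printf("elevated=%d getenv=%s secure=%s simulated-setuid=%s\n",
           running_elevated(), v ? v : "(unset)", s ? s : "(ignored)",
           f ? f : "(ignored)");
    return 0;
}
```

In an ordinary (non-setuid) process both lookups return the same value; only under secure execution does the second one return NULL while getenv() still hands back the caller-supplied path.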