[SECURITY] [DSA 3884-1] gnutls28 security update

2017-06-1617:03:07

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Debian Security Advisory DSA-3884-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
June 16, 2017 https://www.debian.org/security/faq

Package : gnutls28
CVE ID : CVE-2017-7507
Debian Bug : 864560

Hubert Kario discovered that GnuTLS, a library implementing the TLS and
SSL protocols, does not properly decode a status response TLS extension,
allowing a remote attacker to cause an application using the GnuTLS
library to crash (denial of service).

For the stable distribution (jessie), this problem has been fixed in
version 3.3.8-6+deb8u6.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 3.5.8-5+deb9u1.

For the unstable distribution (sid), this problem has been fixed in
version 3.5.8-6.

We recommend that you upgrade your gnutls28 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9allgnutls-doc< 3.5.8-5+deb9u1gnutls-doc_3.5.8-5+deb9u1_all.deb
Debian8kfreebsd-amd64guile-gnutls< 3.3.8-6+deb8u6guile-gnutls_3.3.8-6+deb8u6_kfreebsd-amd64.deb
Debian8amd64guile-gnutls< 3.3.8-6+deb8u6guile-gnutls_3.3.8-6+deb8u6_amd64.deb
Debian8mipslibgnutls28-dev< 3.3.8-6+deb8u6libgnutls28-dev_3.3.8-6+deb8u6_mips.deb
Debian9i386libgnutls-openssl27< 3.5.8-5+deb9u1libgnutls-openssl27_3.5.8-5+deb9u1_i386.deb
Debian8i386guile-gnutls< 3.3.8-6+deb8u6guile-gnutls_3.3.8-6+deb8u6_i386.deb
Debian8armhflibgnutls-openssl27< 3.3.8-6+deb8u6libgnutls-openssl27_3.3.8-6+deb8u6_armhf.deb
Debian8ppc64ellibgnutlsxx28< 3.3.8-6+deb8u6libgnutlsxx28_3.3.8-6+deb8u6_ppc64el.deb
Debian8arm64libgnutlsxx28< 3.3.8-6+deb8u6libgnutlsxx28_3.3.8-6+deb8u6_arm64.deb
Debian8i386libgnutls-deb0-28< 3.3.8-6+deb8u6libgnutls-deb0-28_3.3.8-6+deb8u6_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	all	gnutls-doc	< 3.5.8-5+deb9u1	gnutls-doc_3.5.8-5+deb9u1_all.deb
Debian	8	kfreebsd-amd64	guile-gnutls	< 3.3.8-6+deb8u6	guile-gnutls_3.3.8-6+deb8u6_kfreebsd-amd64.deb
Debian	8	amd64	guile-gnutls	< 3.3.8-6+deb8u6	guile-gnutls_3.3.8-6+deb8u6_amd64.deb
Debian	8	mips	libgnutls28-dev	< 3.3.8-6+deb8u6	libgnutls28-dev_3.3.8-6+deb8u6_mips.deb
Debian	9	i386	libgnutls-openssl27	< 3.5.8-5+deb9u1	libgnutls-openssl27_3.5.8-5+deb9u1_i386.deb
Debian	8	i386	guile-gnutls	< 3.3.8-6+deb8u6	guile-gnutls_3.3.8-6+deb8u6_i386.deb
Debian	8	armhf	libgnutls-openssl27	< 3.3.8-6+deb8u6	libgnutls-openssl27_3.3.8-6+deb8u6_armhf.deb
Debian	8	ppc64el	libgnutlsxx28	< 3.3.8-6+deb8u6	libgnutlsxx28_3.3.8-6+deb8u6_ppc64el.deb
Debian	8	arm64	libgnutlsxx28	< 3.3.8-6+deb8u6	libgnutlsxx28_3.3.8-6+deb8u6_arm64.deb
Debian	8	i386	libgnutls-deb0-28	< 3.3.8-6+deb8u6	libgnutls-deb0-28_3.3.8-6+deb8u6_i386.deb