gnutls security, bug fix, and enhancement update

2017-08-07T00:00:00
ID ELSA-2017-2292
Type oraclelinux
Reporter Oracle
Modified 2017-08-07T00:00:00

Description

[3.3.26-9] - Address crash in OCSP status request extension, by eliminating the unneeded parsing (CVE-2017-7507, #1455828) [3.3.26-7] - Address interoperability issue with 3.5.x (#1388932) - Reject CAs which are both trusted and blacklisted in trust module (#1375303) - Added new functions to set issuer and subject ID in certificates (#1378373) - Reject connections with less than 1024-bit DH parameters (#1335931) - Fix issue that made GnuTLS parse only the first 32 extensions (#1383748) - Mention limitations of certtool in manpage (#1375463) - Read PKCS#8 files with HMAC-SHA256 -as generated by openssl 1.1 (#1380642) - Do not link directly to trousers but instead use dlopen (#1379739) - Fix incorrect OCSP validation (#1377569) - Added support for pin-value in PKCS#11 URIs (#1379283) - Added the --id option to p11tool (#1399232) - Improved sanity checks in RSA key generation (#1444780) - Addressed CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869