CVE-2017-7507
CVE-2017-7507 affects GnuTLS 3.5.12 and earlier, which are vulnerable to a NULL pointer dereference when decoding a status_request extension in ClientHello, potentially crashing the server. Several connected advisories confirm the issue and provide remediation: upgrade to GnuTLS 3.5.13 or newer (...
[SECURITY] [DSA 3884-1] gnutls28 security update
Debian Security Advisory DSA-3884-1 https://www.debian.org/security/ Salvatore Bonaccorso June 16, 2017 https://www.debian.org/security/faq...
Fedora 24 : webkitgtk4 (2017-d39099ea6a)
This update addresses the following vulnerabilities : - CVE-2017-2496, CVE-2017-2539, CVE-2017-2510 Additional fixes : - Fix URL shown in the title of beforeunload dialogs. - Focus first input field of HTTP authentication dialog. - Fix rendering glitches in HiDPI in long GitHub Gist pages when...
Debian Security Advisory DSA 3884-1 (gnutls28 - security update)
Hubert Kario discovered that GnuTLS, a library implementing the TLS and SSL protocols, does not properly decode a status response TLS extension, allowing a remote attacker to cause an application using the GnuTLS library to crash (denial of service)...
Ubuntu 14.04 LTS / 16.04 LTS : GnuTLS vulnerabilities (USN-3318-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3318-1 advisory. Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this...
USN-3318-1: GnuTLS vulnerabilities
Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. CVE-2017-7507 I...
USN-3318-1 gnutls26, gnutls28 vulnerabilities
Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. CVE-2017-7507 I...
[SECURITY] Fedora 26 Update: mingw-gnutls-3.5.13-1.fc26
GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...
Fedora Update for gnutls FEDORA-2017-f646217583
The remote host is missing an update for the...
[ASA-201706-12] gnutls: denial of service
Arch Linux Security Advisory ASA-201706-12. Severity: Medium; Date: 2017-06-13; CVE-ID: CVE-2017-7507; Package: gnutls; Type: denial of service; Remote: Yes; Link: https://security.archlinux.org/AVG-294. Summary: The package gnutls before version...
Fedora 25 : gnutls (2017-f646217583)
Update to upstream 3.5.13 release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2017-1111)
According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function...
[ASA-201706-10] lib32-libtasn1: arbitrary code execution
Arch Linux Security Advisory ASA-201706-10. Severity: High; Date: 2017-06-12; CVE-ID: CVE-2017-6891; Package: lib32-libtasn1; Type: arbitrary code execution; Remote: No; Link: https://security.archlinux.org/AVG-286. Summary: The package lib32-libtas...
[SECURITY] Fedora 25 Update: gnutls-3.5.13-1.fc25
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and...
[SECURITY] Fedora 26 Update: gnutls-3.5.13-1.fc26
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and...
CVE-2017-7507
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...
FreeBSD : GnuTLS -- Denial of service vulnerability (b33fb1e0-4c37-11e7-afeb-0011d823eebd)
The GnuTLS project reports: It was found using the TLS fuzzer tools that decoding a status response TLS extension with valid contents could lead to a crash due to a NULL pointer dereference. The issue affects GnuTLS server applications...
CVE-2017-7507
A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash...
GnuTLS -- Denial of service vulnerability
The GnuTLS project reports: It was found using the TLS fuzzer tools that decoding a status response TLS extension with valid contents could lead to a crash due to a null pointer dereference. The issue affects GnuTLS server applications...
Ubuntu 14.04 LTS / 16.04 LTS : Libtasn1 vulnerability (USN-3309-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3309-1 advisory. Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted...