GLSA-201702-04 : GnuTLS: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201702-04 GnuTLS: Multiple vulnerabilities Multiple heap and stack overflows and double free vulnerabilities have been discovered in GnuTLS by the OSS-Fuzz project. Please review the CVE identifiers referenced below for details...

GnuTLS: Multiple vulnerabilities

Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description Multiple heap and stack overflows and double free vulnerabilities have been discovered in GnuTLS by the OSS-Fuzz project. Please review the CVE identifiers referenced below for details. Impact A remote...

openSUSE Security Update : gnutls (openSUSE-2017-207)

This update for gnutls fixes the following security issues : - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates GNUTLS-SA-2017-2, bsc1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336 - GnuTLS could have falsely accepted certificates when using OCSP...

openSUSE: Security Advisory for gnutls (openSUSE-SU-2017:0386-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for gnutls (important)

This update for gnutls fixes the following security issues: - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates GNUTLS-SA-2017-2, bsc1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336 - GnuTLS could have falsely accepted certificates when using OCSP...

SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:0348-1)

This update for gnutls fixes the following security issues : - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates GNUTLS-SA-2017-2, bsc1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336 - GnuTLS could have falsely accepted certificates when using OCSP...

Ubuntu 14.04 LTS / 16.04 LTS : GnuTLS vulnerabilities (USN-3183-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3183-1 advisory. Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this iss...

USN-3183-1: GnuTLS vulnerabilities

Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. CVE-2016-7444 Shi Lei discovered that GnuTLS incorrectly...

SUSE-SU-2017:0348-1 Security update for gnutls

This update for gnutls fixes the following security issues: - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates GNUTLS-SA-2017-2, bsc1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336 - GnuTLS could have falsely accepted certificates when using OCSP...

SUSE SLES11 Security Update : gnutls (SUSE-SU-2017:0304-1)

This update for gnutls fixes the following issues : - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser bsc961491. - CVE-2016-8610: Remote denial of service in SSL alert handling bsc1005879. - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate...

SUSE-SU-2017:0304-1 Security update for gnutls

This update for gnutls fixes the following issues: - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser bsc961491. - CVE-2016-8610: Remote denial of service in SSL alert handling bsc1005879. - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate...

gnutls: Attempting free in _gnutls_buffer_append_printf

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5494487300177920 Project: gnutls Fuzzer: libFuzzergnutlsx509parserfuzzer Fuzz target binary: gnutlsx509parserfuzzer Job Type: libfuzzerasangnutls Platform Id: linux Crash Type:...

gnutls: Heap-buffer-overflow in cdk_pkt_read

Project: https://gitlab.com/gnutls/gnutls.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6104165726027776 Project: gnutls Fuzzer: libFuzzergnutlsopenpgpcertparserfuzzer Fuzz target binary: gnutlsopenpgpcertparserfuzzer Job Type: libfuzzerasangnutls Platform Id: linux...

Fedora 24 : gnutls (2017-e86817c42e)

Security fix for CVE-2017-5337, CVE-2017-5334, CVE-2017-5336, CVE-2017-5335 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora Update for gnutls FEDORA-2017-e86817c42e

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 24 Update: gnutls-3.4.17-2.fc24

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, OpenPGP and...

GnuTLS Stack Buffer Overflow Vulnerability

GnuTLS is a free secure communications library for implementing SSL, TLS and DTLS protocols. GnuTLS suffers from a stack buffer overflow vulnerability that could be exploited by a remote attacker to submit a specially crafted request to crash an application linking to this library...

GnuTLS 'lib/opencdk/read-packet.c' buffer overflow vulnerability

GnuTLS is a free secure communications library for implementing SSL, TLS and DTLS protocols. A heap buffer overflow vulnerability exists in GnuTLS that could be exploited by a remote attacker to submit a specially crafted request to crash an application linking to this library...

GnuTLS Security Bypass Vulnerability (CNVD-2017-00484)

GnuTLS is a free secure communications library for implementing SSL, TLS and DTLS protocols. A security bypass vulnerability exists in GnuTLS that allows remote attackers to perform unauthorized operations by submitting special requests to bypass security restrictions...

[slackware-security] gnutls

New gnutls packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/gnutls-3.5.8-i586-1slack14.2.txz: Upgraded. This update fixes some bugs and security issues. For more information, see:...