curl: CURLOPT_PROXY_CAINFO_BLOB silently activates native CA store on Apple builds

Hi all, CURLOPTPROXYCAINFOBLOB introduced 7.77.0 never sets proxyssl.customcablob. On USEAPPLESECTRUST / CURLCANATIVE builds this causes curl to silently fall back to the system keychain for proxy TLS verification, nullifying the caller's blob-only trust policy. --- Root cause lib/setopt.c handle...

nginx:1.24 security update

1.24.0-5.2.0.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 1:1.24.0-5.2 - Resolves: RHEL-157886 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves: RHEL-159445...

nginx:1.24 security update

1.24.0-5.1.0.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 1:1.24.0-5.1 - Resolves: RHEL-146526 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 1:1.24.0-5 - Resolves:...

MiracleLinux 7 : gnutls-3.3.26-9.el7 (AXSA:2017-2203:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2203:01 advisory. GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language...

GoSign Desktop 信任管理问题漏洞

GoSign Desktop is an electronic document signing software from GoSign Lithuania. A trust management issue vulnerability exists in GoSign Desktop 2.4.1 and earlier versions, which stems from disabling TLS certificate validation when configuring a proxy server, which may result in integrity...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the virt-api component failing to validate the CN field in client TLS certificates against allowed values in the extension-apiserver-authentication configmap. An attacker can...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the virt-api component failing to validate the CN field in client TLS certificates against allowed values in the extension-apiserver-authentication configmap. An attacker can...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the virt-api component failing to validate the CN field in client TLS certificates against allowed values in the extension-apiserver-authentication configmap. An attacker can...

EUVD-2017-14439

Malware in sbrugna...

K31336596: GnuTLS vulnerability CVE-2017-5334

Security Advisory Description Double free vulnerability in the gnutlsx509extimportproxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information...

SUSE CVE-2017-5334

Double free vulnerability in the gnutlsx509extimportproxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2017-1204)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1203)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could...

gnutls: Double-free while decoding crafted X.509 certificates

A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash...

BSA-2017-249

Security Advisory ID : BSA-2017-249 Component : SSL TLS Revision : 1.0: Interim It was found using the OSS-FUZZfuzzerinfrastructure that decoding a specially crafted X.509 certificate with Proxy Certificate Information extension present could lead to a double free. This issue was fixed...

GnuTLS Proxy Certificate Information Extension Memory Corruption (CVE-2017-5334)

A memory corruption vulnerability has been reported in the GnuTLS library. The vulnerability is due to improper handling of the Proxy Certificate Information extension in X.509 certificates. A remote attacker can exploit this vulnerability in GnuTLS by sending a crafted X.509 certificate to a...

Double free

Double free vulnerability in the gnutlsx509extimportproxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension...

DEBIAN-CVE-2017-5334

Double free vulnerability in the gnutlsx509extimportproxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension...

CVE-2017-5334

Double free vulnerability in the gnutlsx509extimportproxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension...

CVE-2017-5334

CVE-2017-5334: Double-free vulnerability in GnuTLS in gnutls_x509_ext_import_proxy triggered by X.509 certificates with a Proxy Certificate Information extension. Affected upstream: GnuTLS < 3.3.26 and