Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201508-8 ======================================== Severity: Medium Date : 2015-08-25 CVE-ID : CVE-2015-6251 Package : gnutls Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package gnutls before version 3.4.4.1-1 is vulnerable to remote denial of service. Resolution ========= Upgrade to 3.4.4.1-1. # pacman -Syu "gnutls>=3.4.4.1-1" The problem has been fixed upstream in version 3.4.4 and 3.3.17. Workaround ========= None. Description ========== Kurt Roeckx reported that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free, which may result to a denial of service. Since the DN decoding occurs in almost all applications using certificates it is recommended to upgrade the latest GnuTLS version fixing the issue. Impact ===== A remote attacker might be able to remotely crash a vulnerable application by supplying a crafted certificate with a very long DN. References ========= http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 https://access.redhat.com/security/cve/CVE-2015-6251