ArchLinux: 201706-12: gnutls: denial of service
Summary
A security issue has been found in GnuTLS < 3.5.13, where decoding a status request TLS extension that has a non-empty responder IDs list could lead to a crash due to a null pointer dereference.
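The layout of the extension named above is defined in RFC 6066, section 8. The following is an added example, not part of the advisory or of GnuTLS code: a Python parser a monitoring tool could use to report whether a status_request extension body carries any responder IDs. The function names are hypothetical and the sample bytes are constructed.

```python
import struct

OCSP = 1  # CertificateStatusType.ocsp (RFC 6066, section 8)


class MalformedExtension(ValueError):
    """extension_data does not follow the RFC 6066 layout."""


def _read_vector(buf, off):
    """Read a 2-byte length-prefixed vector; return (payload, next offset)."""
    if off + 2 > len(buf):
        raise MalformedExtension("truncated length field")
    (length,) = struct.unpack_from("!H", buf, off)
    end = off + 2 + length
    if end > len(buf):
        raise MalformedExtension("vector runs past end of data")
    return buf[off + 2:end], end


def responder_ids(extension_data):
    """Return the ResponderID entries of a status_request extension body."""
    if not extension_data:
        return []  # servers answer with an empty extension body
    if extension_data[0] != OCSP:
        raise MalformedExtension("unknown status_type")
    id_list, off = _read_vector(extension_data, 1)          # responder_id_list
    _request_exts, off = _read_vector(extension_data, off)  # request_extensions
    if off != len(extension_data):
        raise MalformedExtension("trailing bytes")
    ids, pos = [], 0
    while pos < len(id_list):
        rid, pos = _read_vector(id_list, pos)
        if not rid:
            raise MalformedExtension("empty ResponderID")  # opaque<1..2^16-1>
        ids.append(rid)
    return ids


def has_responder_ids(extension_data):
    """True when the responder ID list is non-empty (the condition in the summary)."""
    return len(responder_ids(extension_data)) > 0


# Constructed samples (hypothetical values, not captured traffic).
EMPTY_LIST = bytes.fromhex("01" "0000" "0000")             # no responder IDs
WITH_ID = bytes.fromhex("01" "0005" "0003aabbcc" "0000")   # one 3-byte ResponderID
```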
Resolution
Upgrade to 3.5.13-1.
# pacman -Syu "gnutls>=3.5.13-1"
The problem has been fixed upstream in version 3.5.13.
References
https://www.gnutls.org/security.html#GNUTLS-SA-2017-4
https://bugzilla.redhat.com/show_bug.cgi?id=1454621
https://security.archlinux.org/CVE-2017-7507
Workaround
None.