Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 24: FEDORA-2017-e86817c42e Critical: GnuTLS DoS Issues

fedora
Calendar Grey January 14, 2017
Dist Fedora Esm H88
Urgent security patch for gnutls in Fedora, correcting several significant vulnerabilities such as heap and buffer overflows.
Security fix for CVE-2017-5337, CVE-2017-5334, CVE-2017-5336, CVE-2017-5335

Summary

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS

protocols and technologies around them. It provides a simple C language

application programming interface (API) to access the secure communications

protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and

other required structures.

Update Information:

Security fix for CVE-2017-5337, CVE-2017-5334, CVE-2017-5336, CVE-2017-5335

Change Log

References


[ 1 ] Bug #1411836 - CVE-2017-5337 gnutls: Heap read overflow in read-packet.c https://bugzilla.redhat.com/show_bug.cgi?id=1411836 [ 2 ] Bug #1411835 - CVE-2017-5334 gnutls: Double-free while decoding crafted X.509 certificates https://bugzilla.redhat.com/show_bug.cgi?id=1411835 [ 3 ] Bug #1412236 - CVE-2017-5336 gnutls: Stack overflow in cdk_pk_get_keyid https://bugzilla.redhat.com/show_bug.cgi?id=1412236 [ 4 ] Bug #1412235 - CVE-2017-5335 gnutls: Out of memory while parsing crafted OpenPGP certificate https://bugzilla.redhat.com/show_bug.cgi?id=1412235

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade gnutls' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: gnutls
Product: Fedora 24
Version: 3.4.17
Release: 2.fc24
Summary: A TLS protocol implementation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.