CVE-2017-7869

Related Files

Red Hat Security Advisory 2017-2292-01

Posted Aug 1, 2017

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2292-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls. Security Fix: A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash.

tags | advisory, protocol

systems | linux, redhat

advisories | CVE-2016-7444, CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7507, CVE-2017-7869

SHA-256 | c3486f3faa819e7510a3c9b084abd586ba71538517de37cd25648d051b4640f1

Download | Favorite | View

Ubuntu Security Notice USN-3318-1

Posted Jun 14, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3318-1 - Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2017-7507, CVE-2017-7869

SHA-256 | f4e9fbd06d58a6ad8959c75b013549926e1c4b169913ee8756ac561f05417da0

Download | Favorite | View