CVE-2017-5335

Related Files

Red Hat Security Advisory 2017-2292-01

Posted Aug 1, 2017

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2292-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls. Security Fix: A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash.

tags | advisory, protocol

systems | linux, redhat

advisories | CVE-2016-7444, CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7507, CVE-2017-7869

SHA-256 | c3486f3faa819e7510a3c9b084abd586ba71538517de37cd25648d051b4640f1

Download | Favorite | View

Red Hat Security Advisory 2017-0574-01

Posted Mar 21, 2017

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0574-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls. Security Fix: A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients.

tags | advisory, remote, denial of service, protocol

systems | linux, redhat

advisories | CVE-2016-8610, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337

SHA-256 | 3e0fbad2d991e3754f3de9773a4b00b3ba45b6d5c193eac6121d81189ab9e730

Download | Favorite | View

Gentoo Linux Security Advisory 201702-04

Posted Feb 10, 2017

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-4 - Multiple vulnerabilities have been found in GnuTLS, the worst of which may allow execution of arbitrary code. Versions less than 3.3.26 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337

SHA-256 | 31206f8eaf8408614d3a0a6e9d6e303fd32e4b6e8db8090724eacc5a0cdbf158

Download | Favorite | View

Ubuntu Security Notice USN-3183-1

Posted Feb 2, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3183-1 - Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2016-7444, CVE-2016-8610, CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337

SHA-256 | 035914142c4ddafee94b71aaabdb111a04a8be64edf6d0cf13cb9129c4828f7b

Download | Favorite | View

Slackware Security Advisory - gnutls Updates

Posted Jan 13, 2017

Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory

systems | linux, slackware

advisories | CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337

SHA-256 | 7a6924404be1d1075d8055a7671a2870b673ecc8a63a6325c6bb28b3ce1dff1d

Download | Favorite | View