Mehrere Probleme in GNU Transport Layer Security Library
ID: | FEDORA-2017-e86817c42e |
Distribution: | Fedora |
Plattformen: | Fedora 24 |
Datum: | Sa, 14. Januar 2017, 09:01 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5335 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5334 |
Applikationen: | GNU Transport Layer Security Library |
Originalnachricht |
|
Name : gnutls Product : Fedora 24 Version : 3.4.17 Release : 2.fc24 URL : http://www.gnutls.org/ Summary : A TLS protocol implementation Description : GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-5337, CVE-2017-5334, CVE-2017-5336, CVE-2017-5335 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411836 - CVE-2017-5337 gnutls: Heap read overflow in read-packet.c https://bugzilla.redhat.com/show_bug.cgi?id=1411836 [ 2 ] Bug #1411835 - CVE-2017-5334 gnutls: Double-free while decoding crafted X.509 certificates https://bugzilla.redhat.com/show_bug.cgi?id=1411835 [ 3 ] Bug #1412236 - CVE-2017-5336 gnutls: Stack overflow in cdk_pk_get_keyid https://bugzilla.redhat.com/show_bug.cgi?id=1412236 [ 4 ] Bug #1412235 - CVE-2017-5335 gnutls: Out of memory while parsing crafted OpenPGP certificate https://bugzilla.redhat.com/show_bug.cgi?id=1412235 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade gnutls' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org |