ELA-84-1 gnutls26 security update
Package gnutls26
Version 2.12.20-8+deb7u6
Related CVE CVE-2017-7869, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337
GNUTLS-SA-2017-2: CVE-2017-5335, CVE-2017-5336, CVE-2017-5337
It was found that decoding a specially crafted OpenPGP certificate could
lead to heap and stack overflows. This may cause a denial-of-service
(out-of-memory error and crash) or lead to other unspecified impact by
remote attackers. This affects only applications which utilize the OpenPGP
certificate functionality of GnuTLS.
CVE-2017-7869
It was found that decoding a specially crafted OpenPGP certificate could
lead to (A) an integer overflow, resulting in an invalid memory write, (B)
a null pointer dereference resulting in a server crash, and (C) a large
allocation, resulting in a server out-of-memory condition. These affect
only applications which utilize the OpenPGP certificate functionality of
GnuTLS.
For Debian 7 Wheezy, these problems have been fixed in version 2.12.20-8+deb7u6.
We recommend that you upgrade your gnutls26 packages.
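To audit collected package inventories against the fixed version above, this added example (not part of the advisory or of Debian's tooling) reimplements Debian's version ordering and lists packages built from gnutls26 that are older than 2.12.20-8+deb7u6. The inventory format, host names and sample rows are constructed assumptions; on a host itself, `dpkg --compare-versions` performs the same comparison.

```python
import re

FIXED = "2.12.20-8+deb7u6"  # fixed version stated in the advisory
SOURCE = "gnutls26"         # source package named in the advisory
# Constructed inventory: "host source-package binary-package version" per line.
SAMPLE = """\
web1 gnutls26 libgnutls26 2.12.20-8+deb7u5
web2 gnutls26 libgnutls26 2.12.20-8+deb7u6
mail1 gnutls26 libgnutls26 2.12.20-8+deb7u10
mail2 gnutls26 libgnutls-openssl27 2.12.20-8
web1 openssl openssl 1.0.1t-1+deb7u4
"""

def _order(c):
    # Non-digit weight: "~" sorts first, end of run is 0, letters before symbols.
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare two upstream-version or revision strings; returns -1, 0 or 1.
    while a or b:
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            x, y = _order(a[:1]), _order(b[:1])
            if x != y:
                return -1 if x < y else 1
            a, b = a[1:], b[1:]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):  # digit runs compare as numbers: u10 > u6
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def version_lt(a, b):
    # Epoch first, then upstream version, then Debian revision.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea, _cmp_part(ua, ub), _cmp_part(ra, rb)) < (eb, 0, 0)

def unpatched(inventory):
    # (host, package, version) for each gnutls26-built package older than FIXED.
    rows = [line.split() for line in inventory.splitlines()]
    return [(r[0], r[2], r[3]) for r in rows
            if len(r) == 4 and r[1] == SOURCE and version_lt(r[3], FIXED)]
```

A plain string comparison would wrongly rank `+deb7u10` below `+deb7u6`, which is why the digit runs are compared numerically.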
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
A gnutls26 security update has been released for Debian GNU/Linux 7 Extended LTS to address heap and stack overflows.