Field | Value
---|---
Errata ID | 334
Date | 2018-04-18
Source package | gnutls28
Fixed in version | 3.3.8-6+deb8u7
Additional notes |
CVE ID | CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7507, CVE-2017-7869
UCS Bug number | #44855

Description: This update addresses the following issues:

* Double free vulnerability in the gnutls_x509_ext_import_proxy function allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. (CVE-2017-5334)
* The stream reading functions in lib/opencdk/read-packet.c allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. (CVE-2017-5335)
* Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. (CVE-2017-5336)
* Multiple heap-based buffer overflows in the read_attribute function allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. (CVE-2017-5337)
* GnuTLS is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. (CVE-2017-7507)
* GnuTLS has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue is a subset of the vendor's GNUTLS-SA-2017-3 report. (CVE-2017-7869)