- Home
- CVEs with nessus.description==The following packages have been upgraded to a later upstream version:
gnutls (3.3.26).
Security Fix(es) :
- A double-free flaw was found in the way GnuTLS parsed
certain X.509 certificates with Proxy Certificate
Information extension. An attacker could create a
specially crafted certificate which, when processed by
an application compiled against GnuTLS, could cause that
application to crash. (CVE-2017-5334)
- Multiple flaws were found in the way gnutls processed
OpenPGP certificates. An attacker could create specially
crafted OpenPGP certificates which, when parsed by
gnutls, would cause it to crash. (CVE-2017-5335,
CVE-2017-5336, CVE-2017-5337, CVE-2017-7869)
- A NULL pointer dereference flaw was found in the way
GnuTLS processed ClientHello messages with
status_request extension. A remote attacker could use
this flaw to cause an application compiled with GnuTLS
to crash. (CVE-2017-7507)
- A flaw was found in the way GnuTLS validated
certificates using OCSP responses. This could falsely
report a certificate as valid under certain
circumstances. (CVE-2016-7444)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top