Overview

File _patchinfo of Package patchinfo.5070

<patchinfo incident="5070">
  <issue id="1038337" tracker="bnc">VUL-1: gnutls: out-of-bound read in OpenPGP certificate parsing</issue>
  <issue id="1034173" tracker="bnc">VUL-0: CVE-2017-7869: gnutls: integer overflow and heap-based buffer overflow (cdk_pkt_read function in opencdk/read-packet.c)</issue>
  <issue id="1043398" tracker="bnc">VUL-1: CVE-2017-7507: gnutls: Crash upon receiving well-formed status_request extension</issue>
  <issue id="2017-7869" tracker="cve" />
  <issue id="2017-7507" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>This update for gnutls fixes the following issues:

- GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398)
- GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173)
- Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337)
</description>
  <summary>Security update for gnutls</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places