Overview

File _patchinfo of Package patchinfo.11055

<patchinfo incident="11055">
  <issue tracker="bnc" id="1130681">VUL-0: CVE-2019-3829: gnutls: gnutls: use-after-free/double-free in certificate verification</issue>
  <issue tracker="bnc" id="1130682">VUL-0: CVE-2019-3836: gnutls: gnutls: invalid pointer access upon receiving async handshake messages</issue>
  <issue tracker="bnc" id="1118087">VUL-0: CVE-2018-16868: gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification</issue>
  <issue tracker="cve" id="2019-3836"/>
  <issue tracker="cve" id="2018-16868"/>
  <issue tracker="cve" id="2019-3829"/>
  <issue tracker="fate" id="327114"/>
  <packager>jsikes</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for gnutls</summary>
  <description>This update for gnutls fixes to version 3.6.7 the following issues:

Security issued fixed:

- CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682).
- CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681).
- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087)

Non-security issue fixed:

- Update gnutls to support TLS 1.3 (fate#327114) 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places