ELA-84-1 gnutls26 security update

denial-of-service

2019-02-25
Package gnutls26
Version 2.12.20-8+deb7u6
Related CVEs CVE-2017-7869 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337


GNUTLS-SA-2017-2: CVE-2017-5335, CVE-2017-5336, CVE-2017-5337

It was found that decoding a specially crafted OpenPGP certificate could
lead to heap- and stack-based buffer overflows. This may cause a denial of
service (out-of-memory error and crash) or have other, unspecified impact
when triggered by a remote attacker. Only applications that use the OpenPGP
certificate functionality of GnuTLS are affected.

CVE-2017-7869

It was found that decoding a specially crafted OpenPGP certificate could
lead to (A) an integer overflow resulting in an invalid memory write, (B) a
NULL pointer dereference resulting in a server crash, and (C) a large
allocation resulting in a server out-of-memory condition. Only applications
that use the OpenPGP certificate functionality of GnuTLS are affected.
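The three failure modes listed for CVE-2017-7869 are generic to any decoder that sizes an allocation from attacker-supplied header fields. The following C program is an added illustration, not GnuTLS code and not part of this advisory: it decodes a constructed toy certificate body (a big-endian count, an element size, then count*elem_size bytes of elements) and shows the wrapping size arithmetic of (A) beside a checked decoder that rejects (A), bounds the allocation against (C), and reports a NULL allocation instead of dereferencing it (B). The format, the MAX_CERT_BYTES cap, the status codes and every function name are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed illustration, not GnuTLS code: a decoder for a toy certificate
 * body laid out as
 *     uint32 count | uint32 elem_size | count*elem_size bytes of elements
 * (big-endian). unchecked_alloc_size() reproduces the size computation
 * behind failure mode (A); decode_cert() rejects (A), (B) and (C). */

#define MAX_CERT_BYTES (1u << 20)   /* hypothetical cap on decoded size */

enum decode_status {
    DECODE_OK = 0,
    DECODE_TRUNCATED,   /* header or element data shorter than declared */
    DECODE_OVERFLOW,    /* count * elem_size does not fit the size type (A) */
    DECODE_TOO_LARGE,   /* product fits but exceeds the cap (C) */
    DECODE_OOM          /* allocator returned NULL (B): reported, not used */
};

struct cert {
    uint32_t count;
    uint32_t elem_size;
    uint8_t *elems;     /* count * elem_size bytes, owned by the caller */
};

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Failure mode (A): the size is computed in the same 32-bit type as the
 * fields, so count=0x10000, elem_size=0x10001 wraps to 0x10000. A buffer
 * of that size followed by a copy of count*elem_size bytes is written far
 * past its end. Only the arithmetic is kept here; nothing is allocated. */
uint32_t unchecked_alloc_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Checked decoder: every rejection happens before any allocation or copy. */
int decode_cert(const uint8_t *in, size_t in_len, struct cert *out) {
    if (in_len < 8)
        return DECODE_TRUNCATED;
    uint32_t count = read_be32(in);
    uint32_t elem_size = read_be32(in + 4);

    /* (A) multiply in a wider type and test the product explicitly */
    uint64_t need = (uint64_t)count * (uint64_t)elem_size;
    if (need > UINT32_MAX)
        return DECODE_OVERFLOW;
    /* (C) bound attacker-controlled allocations independently of (A): a
     * product that fits in 32 bits can still exhaust memory */
    if (need > MAX_CERT_BYTES)
        return DECODE_TOO_LARGE;
    /* the declared size must be backed by input before anything is copied */
    if (need > in_len - 8)
        return DECODE_TRUNCATED;

    uint8_t *buf = malloc(need ? (size_t)need : 1);
    if (buf == NULL)               /* (B) never dereference a NULL result */
        return DECODE_OOM;
    memcpy(buf, in + 8, (size_t)need);

    out->count = count;
    out->elem_size = elem_size;
    out->elems = buf;
    return DECODE_OK;
}

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Build a message with the given header and body_len bytes of constructed
 * element data, decode it, and return the status code. */
int decode_with_header(uint32_t count, uint32_t elem_size, size_t body_len) {
    uint8_t *msg = malloc(8 + body_len);
    if (msg == NULL) return DECODE_OOM;
    put_be32(msg, count);
    put_be32(msg + 4, elem_size);
    memset(msg + 8, 0x41, body_len);
    struct cert c = {0, 0, NULL};
    int rc = decode_cert(msg, 8 + body_len, &c);
    free(c.elems);
    free(msg);
    return rc;
}

int main(void) {
    printf("wrapped size for 0x10000*0x10001: 0x%x\n",
           unchecked_alloc_size(0x10000, 0x10001));
    printf("valid 4x8 with 32 body bytes: %d\n", decode_with_header(4, 8, 32));
    printf("overflowing product:          %d\n", decode_with_header(0x10000, 0x10001, 0));
    printf("product over cap:             %d\n", decode_with_header(0x100000, 2, 0));
    printf("declared size not in input:   %d\n", decode_with_header(4, 8, 16));
    return 0;
}
```

The order of the checks matters: the overflow test must run on the widened product before the cap test, and both must run before the allocation, otherwise a wrapped size passes the cap and the copy overruns the buffer exactly as in failure mode (A).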


For Debian 7 Wheezy, these problems have been fixed in version 2.12.20-8+deb7u6.

We recommend that you upgrade your gnutls26 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.