gnutls-3.3.26-9.el7

Errata ID: AXSA:2017-2203:01

Release date: 
2017/09/14 Thursday - 11:31
Title: 
gnutls-3.3.26-9.el7
Affected channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.

CVE-2016-7444
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS
before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length
of an OCSP response, which might allow remote attackers to bypass an
intended certificate validation mechanism via vectors involving
trailing bytes left by gnutls_malloc.
CVE-2017-5334
Double free vulnerability in the gnutls_x509_ext_import_proxy function
in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers
to have unspecified impact via crafted policy language information in
an X.509 certificate with a Proxy Certificate Information extension.
CVE-2017-5335
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS
before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a
denial of service (out-of-memory error and crash) via a crafted
OpenPGP certificate.
CVE-2017-5336
Stack-based buffer overflow in the cdk_pk_get_keyid function in
lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8
allows remote attackers to have unspecified impact via a crafted
OpenPGP certificate.
CVE-2017-5337
Multiple heap-based buffer overflows in the read_attribute function in
GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to
have unspecified impact via a crafted OpenPGP certificate.
CVE-2017-7507
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer
dereference while decoding a status response TLS extension with valid
contents. This could lead to a crash of the GnuTLS server application.
CVE-2017-7869
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an
integer overflow and heap-based buffer overflow related to the
cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a
subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.

Solution: 

Update packages.

Additional information: 

N/A

Download: 

SRPMS
  1. gnutls-3.3.26-9.el7.src.rpm
    MD5: 347746ee288d991b500cf59aac797979
    SHA-256: 537c3dd314b756d2ba9d7aff114479b4d6a5f9ea82e1cf8ac6322cc2682aee96
    Size: 6.06 MB

Asianux Server 7 for x86_64
  1. gnutls-3.3.26-9.el7.x86_64.rpm
    MD5: d02acff26be2c1ee25d5ede8c44d000d
    SHA-256: ba1e2dd7c01c83f7eed9ba8d9cee89df497d22e4ad4c6f67211919d58e6e987e
    Size: 675.94 kB
  2. gnutls-c++-3.3.26-9.el7.x86_64.rpm
    MD5: 4fe1916c825423091837de36d8491949
    SHA-256: 01731e52075884b0d411fd5ba8c22993808dde38ff75e67fa49965252d2d5713
    Size: 32.27 kB
  3. gnutls-dane-3.3.26-9.el7.x86_64.rpm
    MD5: 40fed82b1d71a7e61f04d7fb3c306d71
    SHA-256: 65ae2669a97141ba87d0e787e516570bfc67a5b8928106a066572a610c9bc500
    Size: 33.49 kB
  4. gnutls-devel-3.3.26-9.el7.x86_64.rpm
    MD5: 73937500bb36b06d987119818f9d63f2
    SHA-256: c3ca8db39ac4b8b8d3f62841880862fdba606a184b7516843051489a37181180
    Size: 1.39 MB
  5. gnutls-utils-3.3.26-9.el7.x86_64.rpm
    MD5: eb25dcc5fda27196e13bf05f43c4a19e
    SHA-256: f67a4a77cd5616bb985f488648a30a267a751bf8c26004445163a3d7febb0c3f
    Size: 235.84 kB
  6. gnutls-3.3.26-9.el7.i686.rpm
    MD5: 2b99e78b43a9626ff6f729f4a40dc875
    SHA-256: 06021f84ed3f19136db8a781bce84ca2ae580f1cc24fdfc18f9ffb7e7abf13bc
    Size: 644.56 kB
  7. gnutls-c++-3.3.26-9.el7.i686.rpm
    MD5: f2b42fdfe08beca8f57f3ab13fc8b159
    SHA-256: da0e3b5d30cf4c2dc555e7dc56a5193a054ac4ebe24136a1dea12f01e9dddaf1
    Size: 32.89 kB
  8. gnutls-dane-3.3.26-9.el7.i686.rpm
    MD5: 3c10faa32990bb58437f43c5780b3089
    SHA-256: 3cc89c8185f68231f9f6baa4ae6baace34d4ff8dbb3b9a19279852e7d6b1c2f1
    Size: 33.42 kB
  9. gnutls-devel-3.3.26-9.el7.i686.rpm
    MD5: 528037417535ccea92fe6260273be9eb
    SHA-256: d903d65b1898863afea4677017617a7a0a20d385caef99f2112b970d4d0407f8
    Size: 1.39 MB