Synopsis: Moderate: gnutls security, bug fix, and enhancement update
Advisory ID: SLSA-2017:0574-1
Issue Date: 2017-03-21
CVE Numbers: CVE-2016-8610
CVE-2017-5337
CVE-2017-5335
CVE-2017-5336
—
The following packages have been upgraded to a later upstream version:
gnutls (2.12.23).
Security Fix(es):
* A denial of service flaw was found in the way the TLS/SSL protocol
defined processing of ALERT packets during a connection handshake. A
remote attacker could use this flaw to make a TLS/SSL server consume an
excessive amount of CPU and fail to accept connections form other clients.
(CVE-2016-8610)
* Multiple flaws were found in the way gnutls processed OpenPGP
certificates. An attacker could create specially crafted OpenPGP
certificates which, when parsed by gnutls, would cause it to crash.
(CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)
—
SL6
x86_64
gnutls-2.12.23-21.el6.i686.rpm
gnutls-2.12.23-21.el6.x86_64.rpm
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.x86_64.rpm
gnutls-utils-2.12.23-21.el6.x86_64.rpm
gnutls-devel-2.12.23-21.el6.i686.rpm
gnutls-devel-2.12.23-21.el6.x86_64.rpm
gnutls-guile-2.12.23-21.el6.i686.rpm
gnutls-guile-2.12.23-21.el6.x86_64.rpm
i386
gnutls-2.12.23-21.el6.i686.rpm
gnutls-debuginfo-2.12.23-21.el6.i686.rpm
gnutls-utils-2.12.23-21.el6.i686.rpm
gnutls-devel-2.12.23-21.el6.i686.rpm
gnutls-guile-2.12.23-21.el6.i686.rpm
– Scientific Linux Development Team
