FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GnuTLS -- Memory corruption vulnerabilities

Affected packages
		gnutls	<	3.5.8

Details

VuXML ID	0c5369fc-d671-11e6-a9a5-b499baebfeaf
Discovery	2017-01-09
Entry	2017-01-09

The GnuTLS project reports:

It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted OpenPGP certificate could lead to heap and stack overflows. (GNUTLS-SA-2017-2)

It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted X.509 certificate with Proxy Certificate Information extension present could lead to a double free. (GNUTLS-SA-2017-1)

[source]

References

URL	http://www.gnutls.org/news.html#2017-01-09
URL	http://www.gnutls.org/security.html#GNUTLS-SA-2017-1
URL	http://www.gnutls.org/security.html#GNUTLS-SA-2017-2