gnutls - Arch Linux
Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-945 | 3.6.6-3 | 3.6.7-1 | Critical | Fixed | |
| AVG-294 | 3.5.12-1 | 3.5.13-1 | Medium | Fixed | |
| AVG-26 | 3.4.14-1 | 3.4.15-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-3836 | AVG-945 | Medium | Yes | Denial of service | An invalid pointer access via malformed TLS1.3 async messages has been found in GnuTLS versions prior to 3.6.7. |
| CVE-2019-3829 | AVG-945 | Critical | Yes | Arbitrary code execution | A critical memory corruption vulnerability has been found in GnuTLS versions prior to 3.6.7, in any API backed by verify_crt(), including... |
| CVE-2017-7507 | AVG-294 | Medium | Yes | Denial of service | GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could... |
| CVE-2016-7444 | AVG-26 | Medium | Yes | Certificate verification bypass | Incorrect length validation on gnutls's gnutls_ocsp_resp_check_crt method can allow an attacker to use an OCSP response for a different certificate (but from... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 05 Apr 2019 | ASA-201904-2 | AVG-945 | Critical | multiple issues |
| 13 Jun 2017 | ASA-201706-12 | AVG-294 | Medium | denial of service |
| 26 Sep 2016 | ASA-201609-25 | AVG-26 | Medium | certificate verification bypass |