{"id":"MGASA-2017-0053","summary":"Updated gnutls packages fix security vulnerability","details":"Remote denial of service in SSL alert handling. (CVE-2016-8610)\n\nIn gnutls_x509_ext_import_proxy: if the language was set but the policy\nwasn't, that could lead to a double free. (CVE-2017-5334)\n\nDecoding a specially crafted OpenPGP certificate could have lead to heap\nand stack overflows. (CVE-2017-5335, CVE-2017-5336 and CVE-2017-5337)\n","modified":"2026-01-31T07:33:48.366569Z","published":"2017-02-20T13:00:19Z","related":["CVE-2016-8610","CVE-2017-5334","CVE-2017-5335","CVE-2017-5336","CVE-2017-5337"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0053.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20099"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00063.html"},{"type":"REPORT","url":"http://www.gnutls.org/security.html"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2017/01/11/4"}],"affected":[{"package":{"name":"gnutls","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/gnutls?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.21-1.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0053.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}