{"id":"MGASA-2017-0212","summary":"Updated gnutls packages fix security vulnerabilities","details":"GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer\noverflow and heap-based buffer overflow related to the cdk_pkt_read\nfunction in opencdk/read-packet.c. This issue (which is a subset of the\nvendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. (CVE-2017-7869)\n\nGnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer\ndereference while decoding a status response TLS extension with valid\ncontents. This could lead to a crash of the GnuTLS server application.\n(CVE-2017-7507)\n","modified":"2026-04-16T01:45:38.092866226Z","published":"2017-07-22T09:36:26Z","upstream":["CVE-2017-7507","CVE-2017-7869"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0212.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20417"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-07/msg00064.html"},{"type":"WEB","url":"http://www.gnutls.org/security.html#GNUTLS-SA-2017-3"},{"type":"WEB","url":"http://www.gnutls.org/security.html#GNUTLS-SA-2017-4"}],"affected":[{"package":{"name":"gnutls","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/gnutls?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.21-1.4.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0212.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}