AVG-945

Package gnutls
Status Fixed
Severity Critical
Type multiple issues
Affected 3.6.6-3
Fixed 3.6.7-1
Current 3.6.9-1 [core]
Ticket None
Created Fri Mar 29 17:24:57 2019
Issue Severity Remote Type Description
CVE-2019-3836 Medium Yes Denial of service
An invalid pointer access via malformed TLS1.3 async messages has been found in GnuTLS versions prior to 3.6.7.
CVE-2019-3829 Critical Yes Arbitrary code execution
A critical memory corruption vulnerability has been found in GnuTLS versions prior to 3.6.7, in any API backed by verify_crt(), including...
Date Advisory Package Description
05 Apr 2019 ASA-201904-2 gnutls multiple issues
References
https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html