lib32-gnutls

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A library which provides a secure layer over a reliable transport layer (32-bit)
Version	3.8.5-1 [multilib]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-295	3.4.15-1	3.5.13-1	Medium	Fixed
AVG-17	3.4.14-1	3.4.15-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2017-7507	AVG-295	Medium	Yes	Denial of service	GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could...
CVE-2016-7444	AVG-17	Medium	Yes	Certificate verification bypass	Incorrect length validation on gnutls's gnutls_ocsp_resp_check_crt method can allow an attacker to use a OCSP response for a different certificate (but from...

Issue

Group

Severity

Remote

Type

Description

CVE-2017-7507

AVG-295

Medium

Yes

Denial of service

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could...

CVE-2016-7444

AVG-17

Medium

Yes

Certificate verification bypass

Incorrect length validation on gnutls's gnutls_ocsp_resp_check_crt method can allow an attacker to use a OCSP response for a different certificate (but from...

Advisories

Date	Advisory	Group	Severity	Type
11 Jul 2017	ASA-201707-6	AVG-295	Medium	denial of service
26 Sep 2016	ASA-201609-26	AVG-17	Medium	certificate verification bypass