Bug 1212459 (CVE-2015-3308)
Summary: | CVE-2015-3308 gnutls: use-after-free flaw in CRL distribution points parsing | |
---|---|---|---
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED WONTFIX | QA Contact: |
Severity: | medium | Docs Contact: |
Priority: | medium | |
Version: | unspecified | CC: | acathrow, bmcclain, carnil, cfergeau, erik-fedora, idith, lsurette, michal.skrivanek, mike, rh-spice-bugs, rjones, sardella, slawomir, srevivo, ykaul
Target Milestone: | --- | Keywords: | Security
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | gnutls 3.3.14 | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2021-06-13 21:04:03 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | 1212463, 1212464, 1212465 | |
Bug Blocks: | 1212469 | |

Description
Martin Prpič
2015-04-16 13:07:39 UTC
Created mingw-gnutls tracking bugs for this issue:

Affects: fedora-21 [bug 1212464]
Affects: epel-7 [bug 1212465]

Created gnutls tracking bugs for this issue:

Affects: fedora-21 [bug 1212463]

The affected function, gnutls_x509_ext_import_crl_dist_points(), was introduced in GnuTLS version 3.3.0:

http://gnutls.org/manual/html_node/X509-certificate-API.html#gnutls_005fx509_005fext_005fimport_005fcrl_005fdist_005fpoints-1

Statement:

This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of gnutls as shipped with Red Hat Enterprise Linux 7. A further update may address this flaw.

The fix for this was in 3.3.14. Fedora already has 3.3.14 updates for gnutls and mingw-gnutls.

https://admin.fedoraproject.org/updates/FEDORA-2015-5108/gnutls-3.3.14-1.fc21
https://admin.fedoraproject.org/updates/FEDORA-2015-5131/gnutls-3.3.14-1.fc22
https://admin.fedoraproject.org/updates/FEDORA-2015-5245/mingw-gnutls-3.3.14-1.fc21,mingw-libtasn1-4.4-1.fc21
https://admin.fedoraproject.org/updates/FEDORA-2015-5308/mingw-gnutls-3.3.14-1.fc22,mingw-libtasn1-4.4-1.fc22

mingw-gnutls-3.3.14-1.el7, mingw-libtasn1-4.4-1.el7, mingw-p11-kit-0.20.7-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2015-3308