A vulnerability was found in gnutls. There was an insufficient error checking in the stream reading functions. While parsing a maliciously crafted OpenPGP certificate an out of memory error could occur. References: http://seclists.org/oss-sec/2017/q1/51 https://gnutls.org/security.html#GNUTLS-SA-2017-2 Upstream patch: https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a
Created gnutls tracking bugs for this issue: Affects: fedora-all [bug 1411838]
Created gnutls30 tracking bugs for this issue: Affects: epel-6 [bug 1411845]
Reproducer at: https://gitlab.com/gnutls/gnutls/commit/65ee81db857d3b44cec76aa94361abe5427430d8
Maps to: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:0574 https://rhn.redhat.com/errata/RHSA-2017-0574.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2292 https://access.redhat.com/errata/RHSA-2017:2292