A vulnerability was found in gnutls. A stack overflow could occur in opencdk in the cdk_pk_get_keyid function. A memory corruption could occur when parsing a maliciously crafted OpenPGP certificate. References: http://seclists.org/oss-sec/2017/q1/51 https://gnutls.org/security.html#GNUTLS-SA-2017-2 Upstream patch: https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732
Created gnutls tracking bugs for this issue: Affects: fedora-all [bug 1411838]
Created gnutls30 tracking bugs for this issue: Affects: epel-6 [bug 1411845]
Reproducer at: https://gitlab.com/gnutls/gnutls/commit/611098e2f01fd8c3a5a625d61f26c56fcb3d770c
Maps to: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:0574 https://rhn.redhat.com/errata/RHSA-2017-0574.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2292 https://access.redhat.com/errata/RHSA-2017:2292