GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and a heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in GnuTLS 3.5.10. It affects only applications that use the OpenPGP certificate functionality of GnuTLS.
External References: https://www.gnutls.org/security.html#GNUTLS-SA-2017-3
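The description above names the failure mode (an integer overflow in a packet length computation leading to an undersized heap allocation and an out-of-bounds write) but not the code. The following is an added illustration of that general pattern, not GnuTLS's cdk_pkt_read or any OpenPGP parsing code: it uses a hypothetical packet layout (one tag byte, a 4-byte big-endian body length, then the body), shows the unchecked 32-bit length arithmetic that wraps, and beside it the checked form that bounds the declared length by the bytes actually present and refuses any addition that would wrap. The sample packets are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Big-endian 32-bit read. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unchecked pattern: a 32-bit length plus a small constant, computed in
 * 32-bit arithmetic. For len = 0xFFFFFFFF the sum wraps to 0, so a caller
 * that allocates this many bytes and then copies len bytes overflows the heap.
 * (Shown only to make the wrap visible; nothing here allocates with it.) */
uint32_t naive_alloc_size32(uint32_t len)
{
    return len + 1u;          /* wraps silently: unsigned arithmetic is modular */
}

/* Checked pattern: refuse any length for which the addition would wrap. */
int checked_alloc_size32(uint32_t len, uint32_t *out)
{
    if (len > UINT32_MAX - 1u)
        return -1;
    *out = len + 1u;
    return 0;
}

/* Hypothetical packet layout (not OpenPGP's): 1 tag byte, 4-byte big-endian
 * body length, body. Returns 0 and a malloc'd NUL-terminated copy of the body
 * on success, -1 on malformed input. */
int read_packet_checked(const uint8_t *buf, size_t buf_len,
                        uint8_t *tag, uint8_t **body, size_t *body_len)
{
    if (buf_len < 5)
        return -1;
    uint32_t len = be32(buf + 1);
    /* The declared length is bounded by the bytes actually present, so the
     * later memcpy can never read past the input or write past the allocation. */
    if ((size_t)len > buf_len - 5)
        return -1;
    uint32_t alloc;
    if (checked_alloc_size32(len, &alloc) != 0)
        return -1;
    uint8_t *p = malloc(alloc);
    if (!p)
        return -1;
    memcpy(p, buf + 5, len);
    p[len] = 0;
    *tag = buf[0];
    *body = p;
    *body_len = len;
    return 0;
}

/* Constructed sample inputs: a well-formed packet and one whose header
 * claims a 0xFFFFFFFF-byte body while only three bytes follow. */
static const uint8_t good_pkt[] = { 0x01, 0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t huge_pkt[] = { 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c' };

int main(void)
{
    uint8_t tag; uint8_t *body; size_t n;
    int ok = read_packet_checked(good_pkt, sizeof good_pkt, &tag, &body, &n);
    if (ok == 0)
        free(body);
    int bad = read_packet_checked(huge_pkt, sizeof huge_pkt, &tag, &body, &n);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

The two guards are independent: the bound against the input length stops an oversized copy, and the wrap check stops an undersized allocation. A parser that has only the second guard can still be fed a length larger than the input and read past it, so both belong in any length-prefixed format reader.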
Created gnutls30 tracking bugs for this issue:
  Affects: epel-6 [bug 1443537]
Created mingw-gnutls tracking bugs for this issue:
  Affects: epel-7 [bug 1443538]
  Affects: fedora-all [bug 1443536]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7: via RHSA-2017:2292 https://access.redhat.com/errata/RHSA-2017:2292