A flaw was found in gnutls 3.5.8 or later. A use-after-free in multi-threaded-clients and a double-free vulnerability in single-threaded clients because _gnutls_x509_get_signature does not clear signature->data in the cleanup path. Upstream bug: https://gitlab.com/gnutls/gnutls/issues/694
Acknowledgments: Name: Tavis Ormandy (Google Project Zero)
Created gnutls tracking bugs for this issue: Affects: fedora-all [bug 1693210] Created mingw-gnutls tracking bugs for this issue: Affects: fedora-all [bug 1693211]
External References: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
Upstream patch: https://gitlab.com/gnutls/gnutls/commit/ad27713bef613e6c4600a0fb83ae48c6d390ff5b
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3600 https://access.redhat.com/errata/RHSA-2019:3600