A vulnerability was found in gnutls. A heap read overflow could occur while parsing a maliciously crafted OpenPGP certificate.
References:
http://seclists.org/oss-sec/2017/q1/51
https://gnutls.org/security.html#GNUTLS-SA-2017-2
Upstream patch:
https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a
Created gnutls tracking bugs for this issue: Affects: fedora-all [bug 1411838]
This was addressed in F25 with https://bodhi.fedoraproject.org/updates/FEDORA-2017-88f1664dd4
Created gnutls30 tracking bugs for this issue: Affects: epel-6 [bug 1411845]
Reproducer at: https://gitlab.com/gnutls/gnutls/commit/d949c6266ce64f5c2419f8c7cf4a196122fff9d7
and https://gitlab.com/gnutls/gnutls/commit/e08b66b7cb4bc3f7ad56d081f0357ec1d39aa4ec
Maps to:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2017:0574 https://rhn.redhat.com/errata/RHSA-2017-0574.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:2292 https://access.redhat.com/errata/RHSA-2017:2292