GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
This issue affects only applications that use the OpenPGP certificate functionality of GnuTLS; applications that use GnuTLS solely for X.509/TLS are not exposed.
Created gnutls30 tracking bugs for this issue:
Affects: epel-6 [bug 1443537]
Created mingw-gnutls tracking bugs for this issue:
Affects: epel-7 [bug 1443538]
Affects: fedora-all [bug 1443536]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:2292 https://access.redhat.com/errata/RHSA-2017:2292