SB2015090203 - Input validation error in GnuTLS
Published: September 2, 2015 Updated: July 28, 2020
Security Bulletin ID
SB2015090203
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2015-3308)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
Remediation
Install update from vendor's website.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html
- http://www.gnutls.org/security.html#GNUTLS-SA-2015-4
- http://www.openwall.com/lists/oss-security/2015/04/15/6
- http://www.openwall.com/lists/oss-security/2015/04/16/6
- http://www.securityfocus.com/bid/74188
- http://www.securitytracker.com/id/1033774
- http://www.ubuntu.com/usn/USN-2727-1
- https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02
- https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
- https://security.gentoo.org/glsa/201506-03