PublicDateAtUSN: 2017-01-11
Candidate: CVE-2017-5334
PublicDate: 2017-03-24 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5334
 https://gnutls.org/security.html#GNUTLS-SA-2017-1
 http://seclists.org/oss-sec/2017/q1/51
 https://ubuntu.com/security/notices/USN-3183-1
Description:
 Double free vulnerability in the gnutls_x509_ext_import_proxy function in
 GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have
 unspecified impact via crafted policy language information in an X.509
 certificate with a Proxy Certificate Information extension.
Ubuntu-Description:
Notes:
 mdeslaur> looks like this was introduced by
 mdeslaur> https://gitlab.com/gnutls/gnutls/commit/2bd323f728d75c44a2d7398503178b75e5b63263
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_gnutls26:
upstream_gnutls26: not-affected
precise_gnutls26: not-affected
precise/esm_gnutls26: not-affected
trusty_gnutls26: not-affected
trusty/esm_gnutls26: not-affected
vivid/ubuntu-core_gnutls26: DNE
vivid/stable-phone-overlay_gnutls26: DNE
xenial_gnutls26: DNE
yakkety_gnutls26: DNE
zesty_gnutls26: DNE
artful_gnutls26: DNE
bionic_gnutls26: DNE
cosmic_gnutls26: DNE
disco_gnutls26: DNE
devel_gnutls26: DNE

Patches_gnutls28:
 upstream: https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b
 upstream: https://gitlab.com/gnutls/gnutls/commit/bbfd47d4bb6935b3eddae227deb9f340e2c1a69d (3.3)
upstream_gnutls28: released (3.5.8-1)
precise_gnutls28: ignored (reached end-of-life)
precise/esm_gnutls28: DNE (precise was needed)
trusty_gnutls28: ignored (reached end-of-life)
trusty/esm_gnutls28: DNE (trusty was needed)
vivid/stable-phone-overlay_gnutls28: ignored (reached end-of-life)
vivid/ubuntu-core_gnutls28: ignored (reached end-of-life)
xenial_gnutls28: released (3.4.10-4ubuntu1.2)
esm-infra/xenial_gnutls28: released (3.4.10-4ubuntu1.2)
yakkety_gnutls28: released (3.5.3-5ubuntu1.1)
zesty_gnutls28: released (3.5.6-4ubuntu3)
artful_gnutls28: released (3.5.6-4ubuntu3)
bionic_gnutls28: released (3.5.6-4ubuntu3)
cosmic_gnutls28: released (3.5.6-4ubuntu3)
disco_gnutls28: released (3.5.6-4ubuntu3)
devel_gnutls28: released (3.5.6-4ubuntu3)