Bug 927411 (CVE-2015-3308) - VUL-0: CVE-2015-3308: gnutls: double-free in gnutls (CRL distribution points parsing)
Status: RESOLVED FIXED
Alias: CVE-2015-3308
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Vítězslav Čížek
QA Contact: Security Team bot
Reported: 2015-04-16 09:35 UTC by Andreas Stieger
Modified: 2015-04-22 14:42 UTC
Found By: Security Response Team


Description Andreas Stieger 2015-04-16 09:35:20 UTC
via oss-sec http://seclists.org/oss-sec/2015/q2/174

> gnutls 3.3.14 fixes a double-free in parsing CRL distribution points.
>
> It will affect applications which parse CRL distribution points or
> print contents of certificates with gnutls-provided functions (e.g.
> gnutls_x509_crt_print())
>
> Usually a DoS under modern mem allocators, but creating something more
> interesting using double-free exploitation techniques is not out of
> the question
>
> https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
> https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02

Use CVE-2015-3308.
Comment 1 Swamp Workflow Management 2015-04-16 22:00:13 UTC
bugbot adjusting priority
Comment 3 Andreas Stieger 2015-04-22 14:42:09 UTC
Affected gnutls_x509_ext_import_crl_dist_points was introduced in 3.3.0, no rewrite/copy seen.
https://gitlab.com/gnutls/gnutls/commit/2bd323f728d75c44a2d7398503178b75e5b63263

SLE not affected.
openSUSE 13.1/13.2 not affected.
Base:System/gnutls fixed.