Bugzilla – Bug 1130681
VUL-0: CVE-2019-3829: gnutls: gnutls: use-after-free/double-free in certificate verification
Last modified: 2024-04-08 13:51:01 UTC
rh#1677048 A flaw was found in gnutls 3.5.8 or later. A use-after-free in multi-threaded-clients and a double-free vulnerability in single-threaded clients because _gnutls_x509_get_signature does not clear signature->data in the cleanup path. Upstream bug: https://gitlab.com/gnutls/gnutls/issues/694 References: https://bugzilla.redhat.com/show_bug.cgi?id=1677048 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3829
Only SLE-15 and above are affected.
GnuTLS 3.6.7 was submitted to both Factory and SLE-15.
SUSE-SU-2019:1121-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1118087,1130681,1130682 CVE References: CVE-2018-16868,CVE-2019-3829,CVE-2019-3836 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): gnutls-3.6.7-6.8.1 SUSE Linux Enterprise Module for Desktop Applications 15 (src): gnutls-3.6.7-6.8.1 SUSE Linux Enterprise Module for Basesystem 15 (src): gnutls-3.6.7-6.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1353-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1118087,1130681,1130682 CVE References: CVE-2018-16868,CVE-2019-3829,CVE-2019-3836 Sources used: openSUSE Leap 15.0 (src): gnutls-3.6.7-lp150.9.1
done