Bugzilla – Bug 1130682
VUL-0: CVE-2019-3836: gnutls: gnutls: invalid pointer access upon receiving async handshake messages
Last modified: 2024-04-08 13:51:06 UTC
rh#1678411 It was discovered in gnutls upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. Upstream issue: https://gitlab.com/gnutls/gnutls/issues/704 References: https://bugzilla.redhat.com/show_bug.cgi?id=1678411 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3836
Only Factory is affected.
Fixed by the update to 3.6.7.
SUSE-SU-2019:1121-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1118087,1130681,1130682 CVE References: CVE-2018-16868,CVE-2019-3829,CVE-2019-3836 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): gnutls-3.6.7-6.8.1 SUSE Linux Enterprise Module for Desktop Applications 15 (src): gnutls-3.6.7-6.8.1 SUSE Linux Enterprise Module for Basesystem 15 (src): gnutls-3.6.7-6.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1353-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1118087,1130681,1130682 CVE References: CVE-2018-16868,CVE-2019-3829,CVE-2019-3836 Sources used: openSUSE Leap 15.0 (src): gnutls-3.6.7-lp150.9.1
done