漏洞信息详情

gnutls 资源管理错误漏洞

漏洞简介

gnutls是一款免费的用于实现SSL、TLS和DTLS协议的安全通信库。

gnutls 3.5.8版本至3.6.7之前版本中的证书验证存在双重释放漏洞。攻击者可利用该漏洞影响用于验证X.509证书的任意客户端或服务器。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27

参考网址

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/

来源:GENTOO

链接:https://security.gentoo.org/glsa/201904-14

来源:CONFIRM

链接:https://gitlab.com/gnutls/gnutls/issues/694

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/

来源:CONFIRM

链接:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3829

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html

来源:www.gnutls.org

链接:https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27

来源:usn.ubuntu.com

链接:https://usn.ubuntu.com/3999-1/

来源:www.suse.com

链接:https://www.suse.com/support/update/announcement/2019/suse-su-20191121-1.html

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-3829

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/79942

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/153132/Ubuntu-Security-Notice-USN-3999-1.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.1945/

来源:www.nsfocus.net

链接:http://www.nsfocus.net/vulndb/43696

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/GnuTLS-use-after-free-via-X-509-Certificate-Verification-28882

受影响实体

    暂无


漏洞信息快速查询

相关漏洞

更多