MGASA-2017-0053

Advisory lineage Upstream: 5 Downstream: 0

Upstream

CVE-2016-8610 CVE-2017-5334 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337

Published: 20 Feb 2017, 13:00

Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Feb 2017, 13:00

Published

Vulnerability first disclosed

16 Apr 2026, 06:23

Last Modified

Vulnerability information updated

Description

Updated gnutls packages fix security vulnerability Remote denial of service in SSL alert handling. (CVE-2016-8610) In gnutls_x509_ext_import_proxy: if the language was set but the policy wasn't, that could lead to a double free. (CVE-2017-5334) Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows. (CVE-2017-5335, CVE-2017-5336 and CVE-2017-5337)

Affected Systems

mageia•gnutls
< 3.2.21-1.3.mga5

References (5)

https://advisories.mageia.org/MGASA-2017-0053.html
https://bugs.mageia.org/show_bug.cgi?id=20099
https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00063.html
http://www.gnutls.org/security.html
http://openwall.com/lists/oss-security/2017/01/11/4