SUSE-SU-2017:0304-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 27 Jan 2017, 17:23
Last modified:04 Feb 2026, 02:23
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
27 Jan 2017, 17:23
Published
Vulnerability first disclosed
04 Feb 2026, 02:23
Last Modified
Vulnerability information updated
Description
Security update for gnutls This update for gnutls fixes the following issues: - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser (bsc#961491). - CVE-2016-8610: Remote denial of service in SSL alert handling (bsc#1005879). - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5336: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832). - CVE-2017-5337: Decoding a specially crafted OpenPGP certificate could have lead to heap and stack overflows (bsc#1018832).
Affected Systems
- suse•gnutls&distro=SUSE Linux Enterprise High Availability Extension 11 SP4
< 2.4.1-24.39.67.1
- suse•gnutls&distro=SUSE Linux Enterprise Server 11 SP4
< 2.4.1-24.39.67.1
- suse•gnutls&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
< 2.4.1-24.39.67.1
- suse•gnutls&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
< 2.4.1-24.39.67.1
References (8)
- https://www.suse.com/support/update/announcement/2017/suse-su-20170304-1/
- https://bugzilla.suse.com/1005879
- https://bugzilla.suse.com/1018832
- https://bugzilla.suse.com/961491
- https://www.suse.com/security/cve/CVE-2016-8610
- https://www.suse.com/security/cve/CVE-2017-5335
- https://www.suse.com/security/cve/CVE-2017-5336
- https://www.suse.com/security/cve/CVE-2017-5337