GnuTLS is vulnerable to arbitrary code execution. A remote user can send a specially crafted OpenPGP certificate that, when processed by the read_attribute function, triggers a heap or stack overflow and allows arbitrary code to be executed on the target system.
lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html
rhn.redhat.com/errata/RHSA-2017-0574.html
www.openwall.com/lists/oss-security/2017/01/10/7
www.openwall.com/lists/oss-security/2017/01/11/4
www.securityfocus.com/bid/95372
www.securitytracker.com/id/1037576
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html
access.redhat.com/errata/RHSA-2017:0574
access.redhat.com/errata/RHSA-2017:2292
access.redhat.com/security/updates/classification/#moderate
bugs.chromium.org/p/oss-fuzz/issues/detail?id=338
bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
bugzilla.redhat.com/show_bug.cgi?id=1320982
bugzilla.redhat.com/show_bug.cgi?id=1321112
bugzilla.redhat.com/show_bug.cgi?id=1323215
bugzilla.redhat.com/show_bug.cgi?id=1326073
bugzilla.redhat.com/show_bug.cgi?id=1326389
bugzilla.redhat.com/show_bug.cgi?id=1326886
bugzilla.redhat.com/show_bug.cgi?id=1327656
bugzilla.redhat.com/show_bug.cgi?id=1328205
bugzilla.redhat.com/show_bug.cgi?id=1333521
bugzilla.redhat.com/show_bug.cgi?id=1335924
bugzilla.redhat.com/show_bug.cgi?id=1337460
bugzilla.redhat.com/show_bug.cgi?id=1415682
gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a
gnutls.org/security.html#GNUTLS-SA-2017-2
security.gentoo.org/glsa/201702-04