漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that GnuTLS incorrectly handled decoding a status response TLS extension.
It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP certificates.
漏洞危害
A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507)
A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7869)
解决方案
Refer to Ubuntu advisory USN-3318-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3318-1: 16.04 (Xenial) on src (libgnutls30)
USN-3318-1: 17.04 (zesty) on src (libgnutls30)
0daybank
文章评论