Synopsis: Moderate: gnutls security, bug fix, and enhancement update
Advisory ID: SLSA-2017:0574-1
Issue Date: 2017-03-21
CVE Numbers: CVE-2016-8610
The following packages have been upgraded to a later upstream version:
* A denial of service flaw was found in the way the TLS/SSL protocol
defined processing of ALERT packets during a connection handshake. A
remote attacker could use this flaw to make a TLS/SSL server consume an
excessive amount of CPU and fail to accept connections form other clients.
* Multiple flaws were found in the way gnutls processed OpenPGP
certificates. An attacker could create specially crafted OpenPGP
certificates which, when parsed by gnutls, would cause it to crash.
(CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)
– Scientific Linux Development Team