ALAS-2017-815

Description

A denial of service flaw was found in the way the TLS/SSL protocol definedprocessing of ALERT packets during a connection handshake. A remote attackercould use this flaw to make a TLS/SSL server consume an excessive amount of CPUand fail to accept connections form other clients. (CVE-2016-8610 )Multiple flaws were found in the way gnutls processed OpenPGP certificates. Anattacker could create specially crafted OpenPGP certificates which, when parsedby gnutls, would cause it to crash. (CVE-2017-5335 , CVE-2017-5336 ,CVE-2017-5337 )

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
gnutls gnutls-2.12.23-21.18.amzn1.src
gnutls gnutls-2.12.23-21.18.amzn1.x86_64
gnutls gnutls-2.12.23-21.18.amzn1.i686
gnutls-debuginfo gnutls-debuginfo-2.12.23-21.18.amzn1.x86_64
gnutls-debuginfo gnutls-debuginfo-2.12.23-21.18.amzn1.i686
gnutls-devel gnutls-devel-2.12.23-21.18.amzn1.x86_64
gnutls-devel gnutls-devel-2.12.23-21.18.amzn1.i686
gnutls-guile gnutls-guile-2.12.23-21.18.amzn1.i686
gnutls-guile gnutls-guile-2.12.23-21.18.amzn1.x86_64
gnutls-utils gnutls-utils-2.12.23-21.18.amzn1.i686
gnutls-utils gnutls-utils-2.12.23-21.18.amzn1.x86_64