546760 – (CVE-2015-3308) <net-libs/gnutls-3.3.14: double-free in gnutls (CRL distribution points parsing) (CVE-2015-3308)

Bug 546760 (CVE-2015-3308) - <net-libs/gnutls-3.3.14: double-free in gnutls (CRL distribution points parsing) (CVE-2015-3308)

Summary: <net-libs/gnutls-3.3.14: double-free in gnutls (CRL distribution points parsi...

Status:	RESOLVED FIXED

Alias:	CVE-2015-3308

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:	A3 [glsa cve]
Keywords:

Depends on:	548636
Blocks:
	Show dependency tree

Reported:	2015-04-16 10:15 UTC by Agostino Sarubbo
Modified:	2015-07-05 21:45 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2015-04-16 10:15:59 UTC

From ${URL} :

gnutls 3.3.14 fixes a double-free in parsing CRL distribution points.

It will affect applications which parse CRL distribution points or
print contents of certificates with gnutls-provided functions (e.g.
gnutls_x509_crt_print())

Usually a DoS under modern mem allocators, but creating something more
interesting using double-free exploitation techniques is not out of
the question

changelists:
https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02



@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.

Comment 1 Alon Bar-Lev (RETIRED) gentoo-dev

2015-04-16 21:46:47 UTC

(In reply to Agostino Sarubbo from comment #0)
> @maintainer(s): since the fixed package is already in the tree, please let
> us know if it is ready for the stabilization or not.

sure, needed anyway.
thanks!

Comment 2 Yury German Gentoo Infrastructure

2015-06-06 13:59:09 UTC

30+ days, are we ready to go stable?

Comment 3 Alon Bar-Lev (RETIRED) gentoo-dev

2015-06-06 19:12:38 UTC

(In reply to Yury German from comment #2)
> 30+ days, are we ready to go stable?

yes, already replied, do you want me to CC archs?

Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev

2015-06-06 19:55:17 UTC

(In reply to Alon Bar-Lev from comment #3)
> (In reply to Yury German from comment #2)
> > 30+ days, are we ready to go stable?
> 
> yes, already replied, do you want me to CC archs?

No, this is handled in bug 548636 , hence stable blocked :)

Comment 5 Yury German Gentoo Infrastructure

2015-06-21 03:18:08 UTC

Added to an existing GLSA Request.

Maintainer(s), please drop the vulnerable version(s).

Comment 6 Alon Bar-Lev (RETIRED) gentoo-dev

2015-06-21 06:40:27 UTC

Done, thanks.

Comment 7 GLSAMaker/CVETool Bot gentoo-dev

2015-06-22 21:41:16 UTC

This issue was resolved and addressed in
 GLSA 201506-03 at https://security.gentoo.org/glsa/201506-03
by GLSA coordinator Kristian Fiskerstrand (K_F).

Comment 8 GLSAMaker/CVETool Bot gentoo-dev

2015-07-05 21:44:56 UTC

CVE-2015-3308 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3308):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.
  
  ** TEMPORARY **
  gnutls 3.3.14 fixes a double-free in parsing CRL distribution points.
  
  It will affect applications which parse CRL distribution points or
  print contents of certificates with gnutls-provided functions (e.g.
  gnutls_x509_crt_print())