Arch Linux Security Advisory ASA-201508-8
=========================================

Severity: Medium
Date    : 2015-08-25
CVE-ID  : CVE-2015-6251
Package : gnutls
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package gnutls before version 3.4.4.1-1 is vulnerable to remote
denial of service.

Resolution
==========

Upgrade to 3.4.4.1-1.

# pacman -Syu "gnutls>=3.4.4.1-1"

The problem has been fixed upstream in versions 3.4.4 and 3.3.17.

Workaround
==========

None.

Description
===========

Kurt Roeckx reported that decoding a specific certificate with very long
DistinguishedName (DN) entries leads to a double free, which may result in
a denial of service. Since DN decoding occurs in almost all applications
using certificates, it is recommended to upgrade to the latest GnuTLS
version fixing the issue.

Impact
======

A remote attacker might be able to crash a vulnerable application by
supplying a crafted certificate with a very long DN.

References
==========

http://www.gnutls.org/security.html#GNUTLS-SA-2015-3
https://access.redhat.com/security/cve/CVE-2015-6251