diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-06-06 19:47:42 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-06-06 19:47:42 +0200 |
commit | 0cbe8102b64f6e5f1fa5c317dd60991f0853132e (patch) | |
tree | 0e845a9d97f43207cfd2430540d85c511854a76a | |
parent | 4d6f806114f6553d2e4629e81025e5cbb54dd0b2 (diff) | |
download | gnutls-0cbe8102b64f6e5f1fa5c317dd60991f0853132e.tar.gz |
added more details
-rw-r--r-- | security-entries/GNUTLS-SA-2016-1 | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security-entries/GNUTLS-SA-2016-1 b/security-entries/GNUTLS-SA-2016-1 index 5f16580bb6..ef0623edd0 100644 --- a/security-entries/GNUTLS-SA-2016-1 +++ b/security-entries/GNUTLS-SA-2016-1 @@ -2,6 +2,7 @@ <td>File overwrite by setuid programs</td> <td>Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 - and fixed in GnuTLS 3.4.13. + with the GNUTLS_KEYLOGFILE environment variable handling via getenv() and fixed + in GnuTLS 3.4.13 by switching to secure_getenv() where available. <b>Recommendation:</b> Upgrade to GnuTLS 3.4.13, or later versions.</td> |