-rw-r--r-- security-entries/GNUTLS-SA-2016-1 3
1 files changed, 2 insertions, 1 deletions
diff --git a/security-entries/GNUTLS-SA-2016-1 b/security-entries/GNUTLS-SA-2016-1
index 5f16580bb6..ef0623edd0 100644
--- a/security-entries/GNUTLS-SA-2016-1
+++ b/security-entries/GNUTLS-SA-2016-1
@@ -2,6 +2,7 @@
<td>File overwrite by setuid programs</td>
<td>Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite
and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12
- and fixed in GnuTLS 3.4.13.
+ with the GNUTLS_KEYLOGFILE environment variable handling via getenv() and fixed
+ in GnuTLS 3.4.13 by switching to secure_getenv() where available.
<b>Recommendation:</b> Upgrade to GnuTLS 3.4.13, or later versions.</td>
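Review bot: The added "where available" on the secure_getenv() line leaves open what a setuid program gets on platforms that lack secure_getenv(). The entry should say whether GNUTLS_KEYLOGFILE is ignored there or still read through getenv(), because the Recommendation line tells every reader that upgrading to 3.4.13 is sufficient. The new sentence is also hard to parse ("introduced in GnuTLS 3.4.12 with the GNUTLS_KEYLOGFILE environment variable handling via getenv()"); splitting it into one sentence for the cause and one for the fix would read more clearly.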