Diffstat (limited to 'security.html')
-rw-r--r-- | security.html | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/security.html b/security.html index c4f886d819..abb54587a6 100644 --- a/security.html +++ b/security.html @@ -80,11 +80,12 @@ <tr><th>Tag</th><th>Other identifiers</th><th>Severity</th><th>Information</th> <tr> <td><div class="emph-box" id="GNUTLS-SA-2016-1">GNUTLS-SA-2016-1</div></td> - <td>-</td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4456">CVE-2016-4456</a></td> <td>File overwrite by setuid programs</td> <td>Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 - and fixed in GnuTLS 3.4.13. + with the GNUTLS_KEYLOGFILE environment variable handling via getenv() and fixed + in GnuTLS 3.4.13 by switching to secure_getenv() where available. <b>Recommendation:</b> Upgrade to GnuTLS 3.4.13, or later versions.</td> </tr> <tr> @@ -112,8 +113,7 @@ <tr> <td><div class="emph-box" id="GNUTLS-SA-2015-2">GNUTLS-SA-2015-2</div></td> <td><a href="http://seclists.org/oss-sec/2015/q3/374"> - No CVE assigned</a> (May 2015), <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"> - CVE-2015-7575</a> (January 2016) + No CVE assigned</a> </td> <td>ServerKeyExchange signature issue</td> <td><a |
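Review bot: In the GNUTLS-SA-2016-1 Information cell, "switching to secure_getenv() where available" leaves open what 3.4.13 does on platforms that lack secure_getenv(), while the recommendation that follows presents upgrading to 3.4.13 as the complete remedy. State the fallback in the same sentence (for example, whether GNUTLS_KEYLOGFILE is ignored there or still read via getenv()), so that maintainers of setuid programs on those platforms can tell whether the upgrade alone covers them.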
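Review bot: In the GNUTLS-SA-2015-2 identifiers cell, dropping the CVE-2015-7575 link means the entry can no longer be found by that CVE number, and nothing in the hunk says why the reference no longer applies. If the CVE belongs to a different issue, say so in the Information cell or the commit message; if it does cover this ServerKeyExchange signature issue, keep the link. The "(May 2015)" date on the oss-sec reference is removed in the same edit; keep it if the date is still meant to be shown.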