Bug 1021057 - (CVE-2017-5336) VUL-0: CVE-2017-5335,CVE-2017-5336,CVE-2017-5337: libopencdk: heap and stack overflows when decoding OpenPGP certificates (GNUTLS-SA-2017-2)
VUL-0: CVE-2017-5335,CVE-2017-5336,CVE-2017-5337: libopencdk: heap and stack ...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2017-01-20 09:20 UTC by Matthias Gerstner
Modified: 2017-10-26 05:50 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Upstream patches for SLE-10 (9.50 KB, application/x-tar)
2017-03-10 11:56 UTC, Pedro Monreal Gonzalez

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Gerstner 2017-01-20 09:20:44 UTC
+++ This bug was initially created as a clone of Bug #1018832

It was found using the OSS-FUZZ fuzzer infrastructure that decoding a specially crafted OpenPGP certificate could lead to heap and stack overflows. 

Fixed upstream in GnuTLS 3.3.26 and 3.5.8.

Upstream recommendation / comment on the feature:

> The support of OpenPGP certificates in GnuTLS is considered obsolete.
> As such, it is not recommended to use OpenPGP certificates with GnuTLS.

Comment 1 Matthias Gerstner 2017-01-20 09:28:55 UTC
These issues have been found in GnuTLS, handled in bug 1018832.

In SLE-10-SP3:Teradata the affected code does not come from the libopencdk
bundled with GnuTLS, but from the system's libopencdk.

The following upstream commits are related to this:

> https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a

Use CVE-2017-5335.

> https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732

Use CVE-2017-5336.

> https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a

Use CVE-2017-5337.
Comment 2 Matthias Gerstner 2017-01-20 09:38:22 UTC
QA reproducer:

This bug is reproduced using GnuTLS. Instructions are found in
bug 1018832 comment 5.
Comment 4 Swamp Workflow Management 2017-01-20 23:00:28 UTC
bugbot adjusting priority
Comment 7 Pedro Monreal Gonzalez 2017-03-10 11:56:29 UTC
Created attachment 717035 [details]
Upstream patches for SLE-10

- Added patches for SLE-10
  * libopencdk-CVE-2017-5335.patch  
  * libopencdk-CVE-2017-5336.patch  
  * libopencdk-CVE-2017-5337.patch

I'm reassigning this bug to the security-team.
Comment 9 Swamp Workflow Management 2017-03-24 08:35:10 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2017-03-31.
When done, reassign the bug to security-team@suse.de.
Comment 10 Marcus Meissner 2017-10-26 05:50:30 UTC