[gnutls-help] gnutls 3.7.1
ueno at gnu.org
Wed Mar 10 14:06:24 CET 2021
We've just released gnutls 3.7.1. This is a bug fix and security
release on the 3.7.x branch.
We'd like to thank everyone who contributed in this release:
Airtower, Andreas Metzler, Daiki Ueno, Dmitriy Tsvettsikh, Dosenpfand,
Evgeny Grin, Fiona Klute, JonasZhou, Martin Storsjo, Norbert Pocs,
Ondrej Moris, Sadie Powell, Stanislav Zidek, Stefan Berger,
Steffen Jaeckel, Tom Carroll, and Tom Vrancken.
The detailed list of changes follows:
* Version 3.7.1 (released 2021-03-10)
** libgnutls: Fixed potential use-after-free in sending "key_share"
and "pre_shared_key" extensions. When sending those extensions, the
client may dereference a pointer no longer valid after
realloc. This happens only when the client sends a large Client
Hello message, e.g., when HRR is sent in a resumed session
previously negotiated large FFDHE parameters, because the initial
allocation of the buffer is large enough without having to call
realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low]
** libgnutls: Fixed a regression in handling duplicated certs in a
** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox
compatibiltiy mode. In that mode the client shall always send a
non-zero session ID to make the handshake resemble the TLS 1.2
resumption; this was not true in the previous versions (#1074).
** libgnutls: W32 performance improvement with a new sendmsg()-like
transport implementation (!1377).
** libgnutls: Removed dependency on the external 'fipscheck' package,
when compiled with --enable-fips140-mode (#1101).
** libgnutls: Added padlock acceleration for AES-192-CBC (#1004).
** API and ABI modifications:
No changes since last version.
Getting the Software
GnuTLS may be downloaded directly from <
A list of GnuTLS mirrors can be found at <
Here are the XZ compressed sources:
Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871:
Note that it has been signed with my openpgp key:
pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
uid [ultimate] Daiki Ueno <ueno at unixuser.org>
uid [ultimate] Daiki Ueno <ueno at gnu.org>
sub rsa4096 2010-02-04 [E]
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 832 bytes
Desc: not available
More information about the Gnutls-help