1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
PublicDateAtUSN: 2012-03-26
Candidate: CVE-2012-1573
PublicDate: 2012-03-26
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
http://www.openwall.com/lists/oss-security/2012/03/21/5
http://www.gnu.org/software/gnutls/security.html
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5959
http://www.ubuntu.com/usn/usn-1418-1
Description:
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15
does not properly handle data encrypted with a block cipher, which allows
remote attackers to cause a denial of service (heap memory corruption and
application crash) via a crafted record, as demonstrated by a crafted
GenericBlockCipher structure.
Ubuntu-Description:
Notes:
Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=805432
https://bugs.launchpad.net/bugs/978661
Priority: medium
Discovered-by: Matthew Hall
Assigned-to:
Patches_gnutls13:
upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d
upstream_gnutls13: needs-triage
hardy_gnutls13: released (2.0.4-1ubuntu2.7)
lucid_gnutls13: DNE
maverick_gnutls13: DNE
natty_gnutls13: DNE
oneiric_gnutls13: DNE
precise_gnutls13: DNE
precise/esm_gnutls13: DNE
quantal_gnutls13: DNE
raring_gnutls13: DNE
saucy_gnutls13: DNE
trusty_gnutls13: DNE
utopic_gnutls13: DNE
vivid_gnutls13: DNE
vivid/stable-phone-overlay_gnutls13: DNE
vivid/ubuntu-core_gnutls13: DNE
wily_gnutls13: DNE
xenial_gnutls13: DNE
yakkety_gnutls13: DNE
zesty_gnutls13: DNE
devel_gnutls13: DNE
Patches_gnutls26:
upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d
vendor: http://www.debian.org/security/2012/dsa-2441
upstream_gnutls26: released (2.12.18)
hardy_gnutls26: DNE
lucid_gnutls26: released (2.8.5-2ubuntu0.1)
maverick_gnutls26: released (2.8.6-1ubuntu0.1)
natty_gnutls26: released (2.8.6-1ubuntu2.1)
oneiric_gnutls26: released (2.10.5-1ubuntu3.1)
precise_gnutls26: released (2.12.14-5ubuntu3)
precise/esm_gnutls26: released (2.12.14-5ubuntu3)
quantal_gnutls26: released (2.12.14-5ubuntu3)
raring_gnutls26: released (2.12.14-5ubuntu3)
saucy_gnutls26: released (2.12.14-5ubuntu3)
trusty_gnutls26: released (2.12.14-5ubuntu3)
utopic_gnutls26: released (2.12.14-5ubuntu3)
vivid_gnutls26: DNE
vivid/stable-phone-overlay_gnutls26: DNE
vivid/ubuntu-core_gnutls26: DNE
wily_gnutls26: DNE
xenial_gnutls26: DNE
yakkety_gnutls26: DNE
zesty_gnutls26: DNE
devel_gnutls26: DNE
Patches_gnutls28:
upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185
upstream_gnutls28: released (3.0.15)
hardy_gnutls28: DNE
lucid_gnutls28: DNE
maverick_gnutls28: DNE
natty_gnutls28: DNE
oneiric_gnutls28: DNE
precise_gnutls28: ignored (reached end-of-life)
precise/esm_gnutls28: DNE (precise was needed)
quantal_gnutls28: not-affected (3.0.21-1ubuntu1)
raring_gnutls28: not-affected (3.0.21-1ubuntu1)
saucy_gnutls28: not-affected (3.0.21-1ubuntu1)
trusty_gnutls28: not-affected (3.0.21-1ubuntu1)
utopic_gnutls28: not-affected (3.0.21-1ubuntu1)
vivid_gnutls28: not-affected (3.0.21-1ubuntu1)
vivid/stable-phone-overlay_gnutls28: not-affected (3.0.21-1ubuntu1)
vivid/ubuntu-core_gnutls28: not-affected (3.0.21-1ubuntu1)
wily_gnutls28: not-affected (3.0.21-1ubuntu1)
xenial_gnutls28: not-affected (3.0.21-1ubuntu1)
yakkety_gnutls28: not-affected (3.0.21-1ubuntu1)
zesty_gnutls28: not-affected (3.0.21-1ubuntu1)
devel_gnutls28: not-affected (3.0.21-1ubuntu1)
|