USN-126-1: GNU TLS library vulnerability

13 May 2005

gnutls11, gnutls10 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

A Denial of Service vulnerability was discovered in the GNU TLS library, which provides common cryptographic algorithms and is used by many applications in Ubuntu. Due to a missing sanity check of the padding length field, specially crafted ciphertext blocks caused an out of bounds memory access which could crash the application. It was not possible to exploit this to execute any attacker specified code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
libgnutls10
libgnutls11
libgnutls11-dbg
Ubuntu 4.10
libgnutls10
libgnutls11
libgnutls11-dbg

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References