USN-3318-1: GnuTLS vulnerabilities
USN-3318-1: GnuTLS vulnerabilities Ubuntu Security Notice USN-3318-1 13th June, 2017 gnutls26, gnutls28 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in GnuTLS. Software description gnutls26 – GNU TLS library gnutls28 – GNU TLS library Details Hubert Kario discovered that GnuTLS incorrectly handled decoding a statusresponse TLS extension. A remote attacker could possibly use this issue tocause GnuTLS to crash, resulting in a denial of service. This issue onlyapplied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507) It was discovered that GnuTLS incorrectly handled decoding certain OpenPGPcertificates. A remote attacker could use this issue to cause GnuTLS tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2017-7869) Update instructions The problem can be corrected by updating your [ more… ]
