USN-3183-2: GnuTLS vulnerability
Ubuntu Security Notice USN-3183-2
20th March, 2017

gnutls26 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

GnuTLS could be made to hang if it received specially crafted network traffic.

Software description

gnutls26 – GNU TLS library

Details

USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.

Original advisory details:

Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444)

Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a …