[Precise] gnutls26 is vulnerable to CVE-2012-1573
Bug #978661 reported by
Tyler Hicks
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnutls26 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Mitre's description of CVE-2012-1573:
---
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
---
I've updated the stable releases but need a sponsor if this is deemed urgent enough to make it into the Precise release.
More information can be found in the Ubuntu CVE Tracker:
http://
Related branches
CVE References
To post a comment you must log in.
This debdiff was tested in a local build. It passed the 'umt compare-log', 'umt compare-bin', and 'umt check' verifications and did not show any regressions with the tests in qa-regression- testing/ scripts/ test-gnutls. py.