[Precise] gnutls26 is vulnerable to CVE-2012-1573

Bug #978661 reported by Tyler Hicks
Affects: gnutls26 (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

MITRE's description of CVE-2012-1573:

---
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
---

I've updated the stable releases but need a sponsor if this is deemed urgent enough to make it into the Precise release.

More information can be found in the Ubuntu CVE Tracker:

http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1573.html

Tyler Hicks (tyhicks) wrote :

This debdiff was tested in a local build. It passed the 'umt compare-log', 'umt compare-bin', and 'umt check' verifications and did not show any regressions with the tests in qa-regression-testing/scripts/test-gnutls.py.

visibility: private → public
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiff, uploaded to Precise.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnutls26 - 2.12.14-5ubuntu3

---------------
gnutls26 (2.12.14-5ubuntu3) precise; urgency=low

  * SECURITY UPDATE: Denial of service via crafted TLS record (LP: #978661)
    - debian/patches/CVE-2012-1573.patch: Validate the size of a
      GenericBlockCipher structure as it is processed. Based on upstream
      patch.
    - CVE-2012-1573
 -- Tyler Hicks <email address hidden> Wed, 11 Apr 2012 02:52:23 -0500

Changed in gnutls26 (Ubuntu):
status: Confirmed → Fix Released
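The changelog entry above says the fix validates the size of the GenericBlockCipher structure as it is processed, and MITRE's description in the bug report points at the same spot: the decrypted record is a TLS GenericBlockCipher body (RFC 5246, section 6.2.3.2) and the receiver derives the content length from the record size, the MAC size and the attacker-controlled padding_length byte. The C below is an added illustration of that bug class and of the bound check that closes it; it is not GnuTLS's gnutls_cipher.c, not the Ubuntu debdiff, and not Tyler Hicks's patch. The record layout is RFC 5246's; the function names, the 20-byte MAC size and the sample record bytes are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration of the bug class, not GnuTLS code.
 * After the block cipher is removed, a TLS GenericBlockCipher body
 * (RFC 5246, 6.2.3.2) is laid out as
 *     content || MAC || padding || padding_length
 * where every padding byte equals padding_length.  The receiver must
 * compute the content length from the record size, the MAC size and the
 * attacker-controlled padding_length byte.
 */

#define MAC_LEN 20   /* HMAC-SHA1 tag size, e.g. TLS_RSA_WITH_AES_128_CBC_SHA */

/* Vulnerable pattern: signed arithmetic with no check that the padding
 * fits inside the record.  Returns the length a caller would hand to
 * memcpy(); a crafted padding_length makes it negative, which becomes a
 * huge size_t on the copy (heap corruption, as the CVE text describes). */
int gbc_content_len_unchecked(const uint8_t *rec, size_t rec_len, size_t mac_len)
{
    int pad = rec[rec_len - 1];                 /* padding_length byte */
    return (int)rec_len - (int)mac_len - pad - 1;
}

/* Hardened: bound padding_length by the record before any arithmetic that
 * feeds a copy.  Returns 0 and the content length, or -1 to reject.
 * (A production stack also makes the MAC and padding comparisons
 * constant-time; that is a separate concern from the size bound itself.) */
int gbc_parse_checked(const uint8_t *rec, size_t rec_len, size_t mac_len,
                      size_t *content_len)
{
    if (rec_len < mac_len + 1)                  /* no room for MAC + padding_length */
        return -1;
    size_t pad = rec[rec_len - 1];
    if (pad + 1 + mac_len > rec_len)            /* padding_length overruns the record */
        return -1;
    for (size_t i = 0; i < pad; i++)            /* every padding byte must equal pad */
        if (rec[rec_len - 2 - i] != pad)
            return -1;
    *content_len = rec_len - mac_len - pad - 1;
    return 0;
}

/* Constructed 32-byte decrypted record (two AES blocks): 5 bytes of content,
 * a 20-byte placeholder MAC, 6 padding bytes and padding_length = 6.  The
 * caller chooses the final padding_length byte, sane or crafted. */
static size_t build_record(uint8_t out[32], uint8_t last_byte)
{
    memcpy(out, "hello", 5);
    memset(out + 5, 0xAA, MAC_LEN);             /* stand-in for the HMAC tag */
    memset(out + 25, 0x06, 7);                  /* padding bytes + padding_length */
    out[31] = last_byte;
    return 32;
}

int demo_good_content_len(void)
{
    uint8_t rec[32]; size_t clen;
    size_t n = build_record(rec, 0x06);
    return gbc_parse_checked(rec, n, MAC_LEN, &clen) == 0 ? (int)clen : -1;
}

int demo_crafted_unchecked_len(void)
{
    uint8_t rec[32];
    size_t n = build_record(rec, 0xFF);         /* padding_length = 255 */
    return gbc_content_len_unchecked(rec, n, MAC_LEN);   /* 32 - 20 - 255 - 1 */
}

int demo_crafted_checked(void)
{
    uint8_t rec[32]; size_t clen;
    size_t n = build_record(rec, 0xFF);
    return gbc_parse_checked(rec, n, MAC_LEN, &clen);
}

int main(void)
{
    printf("valid record: content length %d\n", demo_good_content_len());
    printf("crafted record, unchecked: %d (negative -> huge copy size)\n",
           demo_crafted_unchecked_len());
    printf("crafted record, checked: %d (rejected)\n", demo_crafted_checked());
    return 0;
}
```

The same 32-byte record with its last byte flipped from 0x06 to 0xFF is enough to drive the unchecked arithmetic negative; the checked parser rejects it on the `pad + 1 + mac_len > rec_len` test before any length reaches a copy, which is the shape of check the changelog describes.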
