Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 13.04 USN-1843-1 Critical: GnutLS Denial Of Service Threat

Calendar May 29, 2013 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical ubuntu gnutls network issue
GnuTLS could be made to crash if it received specially crafted network traffic. 
=========================================================================Ubuntu Security Notice USN-1843-1
May 29, 2013

gnutls26 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

GnuTLS could be made to crash if it received specially crafted network
traffic.

Software Description:
- gnutls26: GNU TLS library

Details:

It was discovered that GnuTLS incorrectly handled certain padding bytes. A
remote attacker could use this flaw to cause an application using GnuTLS to
crash, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
  libgnutls26                     2.12.23-1ubuntu1.1

Ubuntu 12.10:
  libgnutls26                     2.12.14-5ubuntu4.3

Ubuntu 12.04 LTS:
  libgnutls26                     2.12.14-5ubuntu3.4

Ubuntu 10.04 LTS:
  libgnutls26                     2.8.5-2ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1843-1
  CVE-2013-2116

Package Information:
  https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu4.3
  https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.4
  https://launchpad.net/ubuntu/+source/gnutls26/2.8.5-2ubuntu0.4

Ubuntu 13.04 USN-1843-1 Critical: GnutLS Denial Of Service Threat

ubuntu
Calendar Grey May 29, 2013
Dist Ubuntu Esm H88
Critical GnuTLS flaw in Ubuntu impacts several editions. Discover methods to safeguard against disruptions from malicious data streams.
GnuTLS could be made to crash if it received specially crafted network traffic.

Summary

Topics%20covered

Topics Covered

security advisory denial of service critical ubuntu gnutls network issue

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 13.04: libgnutls26 2.12.23-1ubuntu1.1 Ubuntu 12.10: libgnutls26 2.12.14-5ubuntu4.3 Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.4 Ubuntu 10.04 LTS: libgnutls26 2.8.5-2ubuntu0.4 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1843-1

CVE-2013-2116

Severity
critical
Lowest
Low
Medium
High
Critical

May 29, 2013

Topics%20covered

Topics Covered

security advisory denial of service critical ubuntu gnutls network issue

Package Information

https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-1ubuntu1.1 https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu4.3 https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.4 https://launchpad.net/ubuntu/+source/gnutls26/2.8.5-2ubuntu0.4

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here