Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 12.04 LTS: USN-2127-1 Critical: GnuTLS Man-In-The-Middle Risk

Calendar Mar 04, 2014 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory Ubuntu man-in-the-middle GnuTLS sensitivity exposure
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. 
=========================================================================Ubuntu Security Notice USN-2127-1
March 04, 2014

gnutls26 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.

Software Description:
- gnutls26: GNU TLS library

Details:

Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled
certificate verification functions. If a remote attacker were able to
perform a man-in-the-middle attack, this flaw could be exploited with
specially crafted certificates to view sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
  libgnutls26                     2.12.23-1ubuntu4.2

Ubuntu 12.10:
  libgnutls26                     2.12.14-5ubuntu4.6

Ubuntu 12.04 LTS:
  libgnutls26                     2.12.14-5ubuntu3.7

Ubuntu 10.04 LTS:
  libgnutls26                     2.8.5-2ubuntu0.5

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2127-1
  CVE-2014-0092

Package Information:
  https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-1ubuntu4.2
  https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu4.6
  https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.7
  https://launchpad.net/ubuntu/+source/gnutls26/2.8.5-2ubuntu0.5

Ubuntu 12.04 LTS: USN-2127-1 Critical: GnuTLS Man-In-The-Middle Risk

ubuntu
Calendar Grey March 4, 2014
Dist Ubuntu Esm H88
Ubuntu Security Update USN-2130-1 deals with a critical OpenSSL vulnerability that could lead to unauthorized access to confidential information via compromised keys.
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

Summary

Topics%20covered

Topics Covered

security advisory Ubuntu man-in-the-middle GnuTLS sensitivity exposure

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libgnutls26 2.12.23-1ubuntu4.2 Ubuntu 12.10: libgnutls26 2.12.14-5ubuntu4.6 Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.7 Ubuntu 10.04 LTS: libgnutls26 2.8.5-2ubuntu0.5 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2127-1

CVE-2014-0092

Severity
critical
Lowest
Low
Medium
High
Critical

March 04, 2014

Topics%20covered

Topics Covered

security advisory Ubuntu man-in-the-middle GnuTLS sensitivity exposure

Package Information

https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-1ubuntu4.2 https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu4.6 https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.7 https://launchpad.net/ubuntu/+source/gnutls26/2.8.5-2ubuntu0.5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here