Explore top 10 tips to secure your open-source projects now. Read More
×
GnuTLS could be made to crash or run programs if it processed a specially
crafted certificate.
Software Description:
- gnutls28: GNU TLS library - commandline utilities
Details:
Sean Burford discovered that GnuTLS incorrectly handled printing certain
elliptic curve parameters. A malicious remote server or client could use
this issue to cause GnuTLS to crash, resulting in a denial of service, or
possibly execute arbitrary code.
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: gnutls-bin 3.2.16-1ubuntu2.1 libgnutls-deb0-28 3.2.16-1ubuntu2.1 libgnutls-openssl27 3.2.16-1ubuntu2.1 libgnutlsxx28 3.2.16-1ubuntu2.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-2403-1
CVE-2014-8564
Get the latest Linux and open source security news straight to your inbox.