Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Ubuntu 15.04: 2727-2 Severe: GnuTLS Security Flaw Exploitation

Calendar Sep 01, 2015 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical code execution Ubuntu GnuTLS
GnuTLS could be made to crash or run programs if it processed a specially crafted certificate. 
=========================================================================Ubuntu Security Notice USN-2727-1
September 01, 2015

gnutls28 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04

Summary:

GnuTLS could be made to crash or run programs if it processed a specially
crafted certificate.

Software Description:
- gnutls28: GNU TLS library

Details:

It was discovered that GnuTLS incorrectly handled parsing CRL distribution
points. A remote attacker could possibly use this issue to cause a denial
of service, or execute arbitrary code. (CVE-2015-3308)

Kurt Roeckx discovered that GnuTLS incorrectly handled a long
DistinguishedName (DN) entry in a certificate. A remote attacker could
possibly use this issue to cause a denial of service, or execute arbitrary
code. (CVE-2015-6251)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  libgnutls-deb0-28               3.3.8-3ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2727-1
  CVE-2015-3308, CVE-2015-6251

Package Information:
  https://launchpad.net/ubuntu/+source/gnutls28/3.3.8-3ubuntu3.1

Ubuntu 15.04: 2727-2 Severe: GnuTLS Security Flaw Exploitation

ubuntu
Calendar Grey September 1, 2015
Dist Ubuntu Esm H88
Ubuntu 16.04 has been identified with OpenSSL issues that can lead to system instability or arbitrary code execution through malicious certificates.
GnuTLS could be made to crash or run programs if it processed a specially crafted certificate.

Summary

Topics%20covered

Topics Covered

security advisory denial of service critical code execution Ubuntu GnuTLS

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libgnutls-deb0-28 3.3.8-3ubuntu3.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2727-1

CVE-2015-3308, CVE-2015-6251

Severity
critical
Lowest
Low
Medium
High
Critical

September 01, 2015

Topics%20covered

Topics Covered

security advisory denial of service critical code execution Ubuntu GnuTLS

Package Information

https://launchpad.net/ubuntu/+source/gnutls28/3.3.8-3ubuntu3.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here