Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in GnuTLS.
Software Description:
- gnutls28: GNU TLS library
- gnutls26: GNU TLS library
Details:
Stefan Buehler discovered that GnuTLS incorrectly verified the serial
length of OCSP responses. A remote attacker could possibly use this issue
to bypass certain certificate validation measures. This issue only applied
to Ubuntu 16.04 LTS. (CVE-2016-7444)
Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts.
A remote attacker could possibly use this issue to cause GnuTLS to hang,
resulting in a denial of service. This issue has only been addressed in
Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610)
It was discovered that GnuTLS incorrectly decoded X.509 certificates with a
Proxy Certificate Information extension. A remote attacker could use this
issue to cause GnuTLS to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS
and Ubuntu 16....
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: libgnutls30 3.5.3-5ubuntu1.1 Ubuntu 16.04 LTS: libgnutls30 3.4.10-4ubuntu1.2 Ubuntu 14.04 LTS: libgnutls26 2.12.23-12ubuntu2.6 Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.13 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-3183-1
CVE-2016-7444, CVE-2016-8610, CVE-2017-5334, CVE-2017-5335,
CVE-2017-5336, CVE-2017-5337
Get the latest Linux and open source security news straight to your inbox.