Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 634
Alerts This Week
Warning Icon 1 634

Ubuntu 17.04 USN-3318-1 Critical GnuTLS Denial Of Service

ubuntu
Calendar Grey June 13, 2017
Dist Ubuntu Esm H88
OpenSSL issues resolved in Ubuntu USN-3320-1. Upgrade immediately to protect your device from emerging risks.
Several security issues were fixed in GnuTLS.

Summary

Several security issues were fixed in GnuTLS.

Software Description:

- gnutls28: GNU TLS library

- gnutls26: GNU TLS library

Details:

Hubert Kario discovered that GnuTLS incorrectly handled decoding a status

response TLS extension. A remote attacker could possibly use this issue to

cause GnuTLS to crash, resulting in a denial of service. This issue only

applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507)

It was discovered that GnuTLS incorrectly handled decoding certain OpenPGP

certificates. A remote attacker could use this issue to cause GnuTLS to

crash, resulting in a denial of service, or possibly execute arbitrary

code. (CVE-2017-7869)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  libgnutls30                     3.5.6-4ubuntu4.1

Ubuntu 16.10:
  libgnutls30                     3.5.3-5ubuntu1.2

Ubuntu 16.04 LTS:
  libgnutls30                     3.4.10-4ubuntu1.3

Ubuntu 14.04 LTS:
  libgnutls26                     2.12.23-12ubuntu2.8

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3318-1

CVE-2017-7507, CVE-2017-7869

Severity
critical
Lowest
Low
Medium
High
Critical

June 13, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.