Details
A Denial of Service vulnerability was discovered in the GNU TLS
library, which provides common cryptographic algorithms and is used by
many applications in Ubuntu. Due to a missing consistency check of the
padding length field, specially crafted ciphertext blocks caused an
out of bounds memory access which could crash the application. It was
not possible to exploit this to execute any attacker specified code.
A Denial of Service vulnerability was discovered in the GNU TLS
library, which provides common cryptographic algorithms and is used by
many applications in Ubuntu. Due to a missing consistency check of the
padding length field, specially crafted ciphertext blocks caused an
out of bounds memory access which could crash the application. It was
not possible to exploit this to execute any attacker specified code.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 5.04 hoary | libgnutls10 – | ||
| libgnutls11 – | |||
| libgnutls11-dbg – | |||
| 4.10 warty | libgnutls10 – | ||
| libgnutls11 – | |||
| libgnutls11-dbg – | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.