|
|
Family: Ubuntu Local Security Checks --> Category: infos
USN126-1 : gnutls11, gnutls10 vulnerability Vulnerability Scan
Vulnerability Scan Summary
gnutls11, gnutls10 vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- gnutls-bin
- libgnutls-doc
- libgnutls10
- libgnutls10-dev
- libgnutls11
- libgnutls11-dbg
- libgnutls11-dev
Description :
A Denial of Service vulnerability was discovered in the GNU TLS
library, which provides common cryptographic algorithms and is used by
many applications in Ubuntu. Due to a missing sanity check of the
padding length field, specially crafted ciphertext blocks caused an
out of bounds memory access which could crash the application. It was
not possible to exploit this to execute any attacker specified code.
Solution :
Upgrade to :
- gnutls-bin-1.0.16-13ubuntu0.1 (Ubuntu 5.04)
- libgnutls-doc-1.0.4-3ubuntu1.1 (Ubuntu 4.10)
- libgnutls10-1.0.4-3ubuntu1.1 (Ubuntu 4.10)
- libgnutls10-dev-1.0.4-3ubuntu1.1 (Ubuntu 4.10)
- libgnutls11-1.0.16-13ubuntu0.1 (Ubuntu 5.04)
- libgnutls11-dbg-1.0.16-13ubuntu0.1 (Ubuntu 5.04)
- libgnutls11-dev-1.0.16-13ubuntu0.1 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
