Ubuntu Security Notice USN-126-1
13th May, 2005
gnutls11, gnutls10 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Details
A Denial of Service vulnerability was discovered in the GNU TLS
library, which provides common cryptographic algorithms and is used by
many applications in Ubuntu. Due to a missing sanity check of the
padding length field, specially crafted ciphertext blocks caused an
out of bounds memory access which could crash the application. It was
not possible to exploit this to execute any attacker specified code.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- libgnutls10
- libgnutls11
- libgnutls11-dbg
- Ubuntu 4.10:
- libgnutls10
- libgnutls11
- libgnutls11-dbg
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None