Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-4128

Published: 8 December 2011

Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.

Notes

AuthorNote
jdstrand
According to upstream, this is client side only and requires clients
to be written in a certain undocumented way. Upstream searched for this and
found no clients to be vulnerable.

Priority

Low

Status

Package Release Status
gnutls13
Launchpad, Ubuntu, Debian
upstream Needs triage

hardy
Released (2.0.4-1ubuntu2.7)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

Patches:
upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c
upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450


gnutls26
Launchpad, Ubuntu, Debian
upstream
Released (2.12.14)
hardy Does not exist

lucid
Released (2.8.5-2ubuntu0.1)
maverick
Released (2.8.6-1ubuntu0.1)
natty
Released (2.8.6-1ubuntu2.1)
oneiric
Released (2.10.5-1ubuntu3.1)
Patches:


upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c
upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450