Your submission was sent successfully! Close

CVE-2012-1573

Published: 26 March 2012

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

Priority

Medium

Status

Package Release Status
gnutls13
Launchpad, Ubuntu, Debian
hardy
Released (2.0.4-1ubuntu2.7)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Patches:
upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d



gnutls26
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.8.5-2ubuntu0.1)
maverick
Released (2.8.6-1ubuntu0.1)
natty
Released (2.8.6-1ubuntu2.1)
oneiric
Released (2.10.5-1ubuntu3.1)
precise
Released (2.12.14-5ubuntu3)
quantal
Released (2.12.14-5ubuntu3)
raring
Released (2.12.14-5ubuntu3)
saucy
Released (2.12.14-5ubuntu3)
trusty
Released (2.12.14-5ubuntu3)
upstream
Released (2.12.18)
utopic
Released (2.12.14-5ubuntu3)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

Patches:

upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d
vendor: http://www.debian.org/security/2012/dsa-2441

gnutls28
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist
(precise was needed)
quantal Not vulnerable
(3.0.21-1ubuntu1)
raring Not vulnerable
(3.0.21-1ubuntu1)
saucy Not vulnerable
(3.0.21-1ubuntu1)
trusty Does not exist
(trusty was not-affected [3.0.21-1ubuntu1])
upstream
Released (3.0.15)
utopic Not vulnerable
(3.0.21-1ubuntu1)
vivid Not vulnerable
(3.0.21-1ubuntu1)
wily Not vulnerable
(3.0.21-1ubuntu1)
xenial Not vulnerable
(3.0.21-1ubuntu1)
yakkety Not vulnerable
(3.0.21-1ubuntu1)
zesty Not vulnerable
(3.0.21-1ubuntu1)
Patches:



upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185