Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 19 results


CVE-2013-1619

Medium priority

Some fixes available 5 of 8

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC...

3 affected packages

gnutls13, gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls13 Not in release
gnutls26 Not in release
gnutls28 Not affected
Show less packages

CVE-2012-1573

Medium priority

Some fixes available 11 of 12

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption...

3 affected packages

gnutls13, gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls13 Not in release
gnutls26 Not in release
gnutls28 Not affected
Show less packages

CVE-2012-1663

Low priority
Ignored

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

3 affected packages

gnutls13, gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls13 Not in release
gnutls26 Not in release
gnutls28 Not affected
Show less packages

CVE-2012-0390

Medium priority
Ignored

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to...

3 affected packages

gnutls13, gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls13
gnutls26
gnutls28
Show less packages

CVE-2011-4128

Low priority
Fixed

Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to...

2 affected packages

gnutls13, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls13
gnutls26
Show less packages

CVE-2006-7239

Medium priority
Fixed

The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not...

4 affected packages

gnutls11, gnutls12, gnutls13, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
gnutls12
gnutls13
gnutls26
Show less packages

CVE-2010-0731

Medium priority
Ignored

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows...

4 affected packages

gnutls11, gnutls12, gnutls13, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
gnutls12
gnutls13
gnutls26
Show less packages

CVE-2009-3555

Medium priority

Some fixes available 25 of 34

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier,...

10 affected packages

apache2, gnutls12, gnutls13, gnutls26, libapache-mod-ssl...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2
gnutls12
gnutls13
gnutls26
libapache-mod-ssl
nss
openjdk-6
openjdk-6b18
openssl
sun-java6
Show all 10 packages Show less packages

CVE-2009-2730

Medium priority

Some fixes available 5 of 6

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle...

4 affected packages

gnutls11, gnutls12, gnutls13, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls11
gnutls12
gnutls13
gnutls26
Show less packages

CVE-2009-2409

Medium priority
Fixed

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers...

6 affected packages

gnutls12, gnutls13, gnutls26, nss, openjdk-6, openssl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls12
gnutls13
gnutls26
nss
openjdk-6
openssl
Show less packages