USN-126-1: GNU TLS library vulnerability
13 May 2005
GNU TLS library vulnerability
Releases
Details
A Denial of Service vulnerability was discovered in the GNU TLS
library, which provides common cryptographic algorithms and is used by
many applications in Ubuntu. Due to a missing consistency check of the
padding length field, specially crafted ciphertext blocks caused an
out of bounds memory access which could crash the application. It was
not possible to exploit this to execute any attacker specified code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 5.04
-
libgnutls10
-
-
libgnutls11
-
-
libgnutls11-dbg
-
Ubuntu 4.10
-
libgnutls10
-
-
libgnutls11
-
-
libgnutls11-dbg
-
In general, a standard system update will make all the necessary changes.