USN-2821-1: GnuTLS vulnerability

30 November 2015

GnuTLS could be made to expose sensitive information over the network.

Releases

Packages

Details

It was discovered that GnuTLS incorrectly validated the first byte of
padding in CBC modes. A remote attacker could possibly use this issue to
perform a padding oracle attack.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04
Ubuntu 12.04

In general, a standard system update will make all the necessary changes.