Your submission was sent successfully! Close

USN-948-1: GnuTLS vulnerability

3 June 2010

Under certain circumstances, an attacker might be able to crash GnuTLS.

Releases

Packages

Details

It was discovered that GnuTLS did not always properly verify the hash
algorithm of X.509 certificates. If an application linked against GnuTLS
processed a crafted certificate, an attacker could make GnuTLS dereference
a NULL pointer and cause a DoS via application crash.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06

In general, a standard system update will make all the necessary changes.

References