Security: Multiple issues in GNU Transport Layer Security Library (update)
Name: Multiple issues in GNU Transport Layer Security Library (update)
ID: USN-3183-2
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS
Date: Tue, March 21, 2017, 07:14
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5334
Applications: GNU Transport Layer Security Library
Update of: Multiple issues in GNU Transport Layer Security Library

Original message
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <c8682b1d-ce2c-aef0-29cd-a7384877e4bc@canonical.com>
Subject: [USN-3183-2] GnuTLS vulnerability
==========================================================================
Ubuntu Security Notice USN-3183-2
March 20, 2017

gnutls26 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
GnuTLS could be made to hang if it received specially crafted network traffic.
Software Description:
- gnutls26: GNU TLS library
Details:
USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Original advisory details:
Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444)

Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610)

It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334)

It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libgnutls26 2.12.23-12ubuntu2.7
Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.14
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3183-2
http://www.ubuntu.com/usn/usn-3183-1
CVE-2016-8610
Package Information:
https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-12ubuntu2.7
https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.14