[Bug 1326779] Re: libgnutls28 appears to not have been updated for CVE-2014-3466 in Trusty
Launchpad Bug Tracker
1326779 at bugs.launchpad.net
Thu Jun 11 18:11:57 UTC 2015
This bug was fixed in the package gnutls28 - 3.0.11-1ubuntu2.1
---------------
gnutls28 (3.0.11-1ubuntu2.1) precise-security; urgency=medium
* SECURITY UPDATE: Denial of service and possible remote arbitrary code
execution via crafted ServerHello message
- debian/patches/21_CVE-2014-3466.patch: Add upper bounds check for
session id size. Based on upstream patch. (LP: #1326779)
-- Tyler Hicks <tyhicks at canonical.com> Thu, 11 Jun 2015 10:51:35 -0500
** Changed in: gnutls28 (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: gnutls28 (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1326779
Title:
libgnutls28 appears to not have been updated for CVE-2014-3466 in
Trusty
Status in gnutls28 package in Ubuntu:
Fix Released
Bug description:
Hi,
Although you've pushed out a patch for CVE-2014-3466 to libgnutls26 in
the current stable LTS Ubuntu release (Trusty) you've not pushed out a
corresponding patch for libgnutls28 (which is used by some packages).
Looking at the apt-cache policy output:
$ apt-cache policy libgnutls28
libgnutls28:
Installed: 3.2.11-2ubuntu1
Candidate: 3.2.11-2ubuntu1
Version table:
*** 3.2.11-2ubuntu1 0
500 http://archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
100 /var/lib/dpkg/status
This would look like a vulnerable version according to the CVE report
(also launchpad shows this package as not having been updated since
the 5th of March).
http://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2014-3466
Can you please push out this patch asap, especially given that the
vulnerability has been widely publicised in the media as of yesterday?
Thanks,
Dr Owain Kenway
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1326779/+subscriptions
More information about the foundations-bugs
mailing list