CVE-2014-3466

Priority
Medium
Description
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c
in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows
remote servers to cause a denial of service (memory corruption) or possibly
execute arbitrary code via a long session id in a ServerHello message.
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): released (2.12.14-5ubuntu3.8)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.12.23-12ubuntu2.1)
Ubuntu 14.10 (Utopic Unicorn): released (2.12.23-15ubuntu2)
Ubuntu 15.04 (Vivid Vervet): DNE
Ubuntu 15.10 (Wily Werewolf): DNE
Patches:
Upstream: https://www.gitorious.org/gnutls/gnutls/commit/89238044ade02c4d80e334ab74056ef28599663d
Package
Upstream: released (3.1.25, 3.2.15, 3.3.4)
Ubuntu 12.04 LTS (Precise Pangolin): released (3.0.11-1ubuntu2.1)
Ubuntu 14.04 LTS (Trusty Tahr): released (3.2.11-2ubuntu1.1)
Ubuntu 14.10 (Utopic Unicorn): not-affected (3.2.15-1)
Ubuntu 15.04 (Vivid Vervet): not-affected (3.2.15-1)
Ubuntu 15.10 (Wily Werewolf): not-affected (3.2.15-1)
Patches:
Upstream: https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
Upstream: https://www.gitorious.org/gnutls/gnutls/commit/a7be326f0e33cf7ce52b36474c157f782d9ca977 (test)

Updated: 2015-06-11 19:14:45 UTC (commit 9569)