CVE-2014-3466

Priority
Medium
Description
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c
in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows
remote servers to cause a denial of service (memory corruption) or possibly
execute arbitrary code via a long session id in a ServerHello message.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 10.04 LTS (Lucid Lynx): released (2.8.5-2ubuntu0.6)
Ubuntu 12.04 LTS (Precise Pangolin): released (2.12.14-5ubuntu3.8)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.12.23-12ubuntu2.1)
Ubuntu 14.10 (Utopic Unicorn): released (2.12.23-15ubuntu2)
Patches:
Upstream: https://www.gitorious.org/gnutls/gnutls/commit/89238044ade02c4d80e334ab74056ef28599663d
Package
Upstream: released (3.1.25, 3.2.15, 3.3.4)
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu 14.10 (Utopic Unicorn): not-affected (3.2.15-1)
Patches:
Upstream: https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
Upstream: https://www.gitorious.org/gnutls/gnutls/commit/a7be326f0e33cf7ce52b36474c157f782d9ca977 (test)
More Information

Updated: 2014-10-23 21:18:42 UTC (commit 8644)