Candidate: CVE-2014-4911
PublicDate: 2014-07-22 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4911
 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
Description:
 The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11
 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service
 (crash) via vectors related to the GCM ciphersuites, as demonstrated using
 the Codenomicon Defensics toolkit.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754655
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_polarssl:
upstream_polarssl: released (1.3.7-2.1)
lucid_polarssl: ignored (reached end-of-life)
precise_polarssl: ignored (reached end-of-life)
precise/esm_polarssl: DNE (precise was needs-triage)
trusty_polarssl: ignored (reached end-of-life)
trusty/esm_polarssl: DNE (trusty was needed)
utopic_polarssl: not-affected (1.3.7-2.1)
vivid_polarssl: not-affected (1.3.7-2.1)
vivid/stable-phone-overlay_polarssl: DNE
vivid/ubuntu-core_polarssl: DNE
wily_polarssl: not-affected (1.3.7-2.1)
xenial_polarssl: DNE
yakkety_polarssl: DNE
zesty_polarssl: DNE
artful_polarssl: DNE
bionic_polarssl: DNE
cosmic_polarssl: DNE
disco_polarssl: DNE
devel_polarssl: DNE

Patches_mbedtls:
upstream_mbedtls: released (1.3.7-2.1)
precise_mbedtls: DNE
precise/esm_mbedtls: DNE
trusty_mbedtls: DNE
trusty/esm_mbedtls: DNE
vivid/stable-phone-overlay_mbedtls: DNE
vivid/ubuntu-core_mbedtls: DNE
wily_mbedtls: DNE
xenial_mbedtls: not-affected (1.3.7-2.1)
yakkety_mbedtls: not-affected (1.3.7-2.1)
zesty_mbedtls: not-affected (1.3.7-2.1)
artful_mbedtls: not-affected (1.3.7-2.1)
bionic_mbedtls: not-affected (1.3.7-2.1)
cosmic_mbedtls: not-affected (1.3.7-2.1)
disco_mbedtls: not-affected (1.3.7-2.1)
devel_mbedtls: not-affected (1.3.7-2.1)