PublicDateAtUSN: 2016-09-27
Candidate: CVE-2016-7444
PublicDate: 2016-09-27 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7444
 https://gnutls.org/security.html#GNUTLS-SA-2016-3
 http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
 http://www.openwall.com/lists/oss-security/2016/09/18/3
 https://ubuntu.com/security/notices/USN-3183-1
Description:
 The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before
 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP
 response, which might allow remote attackers to bypass an intended
 certificate validation mechanism via vectors involving trailing bytes left
 by gnutls_malloc.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1374266
Priority: low
Discovered-by: Stefan Buehler
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_gnutls28:
 upstream: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
 upstream: https://gitlab.com/gnutls/gnutls/commit/c089e019ef83a77b2fdca24d0875ef25f6b38f1a (3.3)
upstream_gnutls28: released (3.5.3-4)
precise_gnutls28: not-affected (code not present)
precise/esm_gnutls28: DNE (precise was not-affected [code not present])
trusty_gnutls28: ignored (reached end-of-life)
trusty/esm_gnutls28: DNE (trusty was needed)
vivid/stable-phone-overlay_gnutls28: ignored (reached end-of-life)
vivid/ubuntu-core_gnutls28: ignored (reached end-of-life)
xenial_gnutls28: released (3.4.10-4ubuntu1.2)
esm-infra/xenial_gnutls28: released (3.4.10-4ubuntu1.2)
yakkety_gnutls28: not-affected (3.5.3-4ubuntu1)
zesty_gnutls28: not-affected (3.5.3-4ubuntu1)
artful_gnutls28: not-affected (3.5.3-4ubuntu1)
bionic_gnutls28: not-affected (3.5.3-4ubuntu1)
cosmic_gnutls28: not-affected (3.5.3-4ubuntu1)
disco_gnutls28: not-affected (3.5.3-4ubuntu1)
devel_gnutls28: not-affected (3.5.3-4ubuntu1)

Patches_gnutls26:
upstream_gnutls26: not-affected
precise_gnutls26: not-affected
precise/esm_gnutls26: not-affected
trusty_gnutls26: not-affected
trusty/esm_gnutls26: not-affected
vivid/ubuntu-core_gnutls26: DNE
vivid/stable-phone-overlay_gnutls26: DNE
xenial_gnutls26: DNE
yakkety_gnutls26: DNE
zesty_gnutls26: DNE
artful_gnutls26: DNE
bionic_gnutls26: DNE
cosmic_gnutls26: DNE
disco_gnutls26: DNE
devel_gnutls26: DNE