CVE-2012-1573

Priority
Description
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15
does not properly handle data encrypted with a block cipher, which allows
remote attackers to cause a denial of service (heap memory corruption and
application crash) via a crafted record, as demonstrated by a crafted
GenericBlockCipher structure.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Upstream:http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d
Package
Upstream:released (2.12.18)
Ubuntu 12.04 ESM (Precise Pangolin):released (2.12.14-5ubuntu3)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.12.14-5ubuntu3)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Upstream:http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d
Vendor:http://www.debian.org/security/2012/dsa-2441
Package
Upstream:released (3.0.15)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [3.0.21-1ubuntu1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.0.21-1ubuntu1)
Patches:
Upstream:http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185
More Information

Updated: 2020-09-10 02:02:21 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)