CVE-2012-1573
Published: 26 March 2012
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gnutls13 Launchpad, Ubuntu, Debian |
hardy |
Released
(2.0.4-1ubuntu2.7)
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
Patches: upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d |
||
|
gnutls26 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.8.5-2ubuntu0.1)
|
|
| maverick |
Released
(2.8.6-1ubuntu0.1)
|
|
| natty |
Released
(2.8.6-1ubuntu2.1)
|
|
| oneiric |
Released
(2.10.5-1ubuntu3.1)
|
|
| precise |
Released
(2.12.14-5ubuntu3)
|
|
| quantal |
Released
(2.12.14-5ubuntu3)
|
|
| raring |
Released
(2.12.14-5ubuntu3)
|
|
| saucy |
Released
(2.12.14-5ubuntu3)
|
|
| trusty |
Released
(2.12.14-5ubuntu3)
|
|
| upstream |
Released
(2.12.18)
|
|
| utopic |
Released
(2.12.14-5ubuntu3)
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
Patches: upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d vendor: http://www.debian.org/security/2012/dsa-2441 |
||
|
gnutls28 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Not vulnerable
(3.0.21-1ubuntu1)
|
|
| raring |
Not vulnerable
(3.0.21-1ubuntu1)
|
|
| saucy |
Not vulnerable
(3.0.21-1ubuntu1)
|
|
| trusty |
Does not exist
(trusty was not-affected [3.0.21-1ubuntu1])
|
|
| upstream |
Released
(3.0.15)
|
|
| utopic |
Not vulnerable
(3.0.21-1ubuntu1)
|
|
| vivid |
Not vulnerable
(3.0.21-1ubuntu1)
|
|
| wily |
Not vulnerable
(3.0.21-1ubuntu1)
|
|
| xenial |
Not vulnerable
(3.0.21-1ubuntu1)
|
|
| yakkety |
Not vulnerable
(3.0.21-1ubuntu1)
|
|
| zesty |
Not vulnerable
(3.0.21-1ubuntu1)
|
|
|
Patches: upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185 |
||
References
- http://www.openwall.com/lists/oss-security/2012/03/21/5
- http://www.gnu.org/software/gnutls/security.html
- http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5959
- https://ubuntu.com/security/notices/USN-1418-1
- https://www.cve.org/CVERecord?id=CVE-2012-1573
- NVD
- Launchpad
- Debian