Bugs fixes in "gnutls28"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2018-1084 | corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. | 2019-05-30 |
| CVE | CVE-2019-3829 | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification | 2019-05-30 |
| CVE | CVE-2018-10846 | A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a c | 2019-05-30 |
| CVE | CVE-2018-10845 | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to | 2019-05-30 |
| CVE | CVE-2018-10844 | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to | 2019-05-30 |
| CVE | CVE-2018-1084 | corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. | 2019-05-30 |
| Launchpad | 1722411 | gnutls28 in trusty no longer validates many valid certificate chains, such as google.com | 2018-07-05 |
| Launchpad | 1722411 | gnutls28 in trusty no longer validates many valid certificate chains, such as google.com | 2018-05-28 |
| Launchpad | 1709193 | Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer | 2017-10-26 |
| Launchpad | 1709193 | Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer | 2017-10-26 |
| CVE | CVE-2017-7869 | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function | 2017-06-13 |
| CVE | CVE-2017-7507 | Crash upon receiving well-formed status_request extension | 2017-06-13 |
| CVE | CVE-2017-7869 | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function | 2017-06-13 |
| CVE | CVE-2017-7507 | Crash upon receiving well-formed status_request extension | 2017-06-13 |
| CVE | CVE-2017-7869 | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function | 2017-06-13 |
| CVE | CVE-2017-7507 | Crash upon receiving well-formed status_request extension | 2017-06-13 |
| CVE | CVE-2017-7869 | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function | 2017-06-13 |
| CVE | CVE-2017-7507 | Crash upon receiving well-formed status_request extension | 2017-06-13 |
| CVE | CVE-2016-8610 | SSL/TLS SSL3_AL_WARNING undefined alert DoS | 2017-02-01 |
| CVE | CVE-2016-7444 | The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCS | 2017-02-01 |
About
-
Send Feedback to @ubuntu_updates
