UbuntuUpdates.org

Package "gnutls28"

Name: gnutls28

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GNU TLS library - GNU Guile bindings
  • GNU TLS library - XSSL API runtime library
  • GNU TLS library - main runtime library
  • GNU TLS library - debugger symbols
Latest version: 3.2.11-2ubuntu1.1
Release: trusty (14.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "gnutls28" in Trusty

Repository Area Version
base universe 3.2.11-2ubuntu1
updates universe 3.2.11-2ubuntu1.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.2.11-2ubuntu1.1 2015-06-11 19:07:01 UTC

  gnutls28 (3.2.11-2ubuntu1.1) trusty-security; urgency=medium

  [ Gianfranco Costamagna ]
  * SECURITY UPDATE: Denial of service and possible remote arbitrary code
    execution via crafted ServerHello message
    - debian/patches/21_CVE-2014-3466.patch: Add upper bounds check for
      session id size. Based on upstream patch. (LP: #1326779)

  [ Tyler Hicks ]
  * debian/patches/21_CVE-2014-3466.patch: Fold in the test for
    CVE-2014-3466's fix. Based on upstream patch.

 -- Tyler Hicks <email address hidden> Thu, 11 Jun 2015 10:42:35 -0500
1326779 libgnutls28 appears to not have been updated for CVE-2014-3466 in Trusty
CVE-2014-3466 Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allo


About   -   Send Feedback to @ubuntu_updates