UbuntuUpdates.org

Package "libgnutls-dev"

Name: libgnutls-dev

Description:

GNU TLS library - development files

Latest version: 3.4.10-4ubuntu1.9
Release: xenial (16.04)
Level: updates
Repository: main
Head package: gnutls28
Homepage: http://www.gnutls.org/

Other versions of "libgnutls-dev" in Xenial

Repository Area Version
base main 3.4.10-4ubuntu1
security main 3.4.10-4ubuntu1.7

Changelog

Version: 3.4.10-4ubuntu1.4 2017-10-26 19:06:39 UTC

  gnutls28 (3.4.10-4ubuntu1.4) xenial; urgency=medium

  * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler:
    OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority,
    which includes TLS1.2 support. (LP: #1709193)

 -- Simon Deziel <email address hidden> Mon, 07 Aug 2017 23:04:43 +0000

1709193 Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

Version: 3.4.10-4ubuntu1.3 2017-06-13 19:06:44 UTC

  gnutls28 (3.4.10-4ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference via status response TLS
    extension decoding
    - debian/patches/CVE-2017-7507-1.patch: ensure response IDs are
      properly deinitialized in lib/ext/status_request.c.
    - debian/patches/CVE-2017-7507-2.patch: remove parsing of responder IDs
      from client extension in lib/ext/status_request.c.
    - debian/patches/CVE-2017-7507-3.patch: documented requirements for
      parameters in lib/ext/status_request.c.
    - CVE-2017-7507
  * SECURITY UPDATE: DoS and possible code execution via OpenPGP
    certificate decoding
    - debian/patches/CVE-2017-7869.patch: enforce packet limits in
      lib/opencdk/read-packet.c.
    - CVE-2017-7869

 -- Marc Deslauriers <email address hidden> Mon, 12 Jun 2017 09:32:37 -0400

CVE-2017-7507 Crash upon receiving well-formed status_request extension
CVE-2017-7869 GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function

Version: 3.4.10-4ubuntu1.2 2017-02-01 20:06:49 UTC

  gnutls28 (3.4.10-4ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: OCSP validation issue
    - debian/patches/CVE-2016-7444.patch: correctly verify the serial
      length in lib/x509/ocsp.c.
    - CVE-2016-7444
  * SECURITY UPDATE: denial of service via warning alerts
    - debian/patches/CVE-2016-8610.patch: set a maximum number of warning
      messages in lib/gnutls_int.h, lib/gnutls_handshake.c,
      lib/gnutls_state.c.
    - CVE-2016-8610
  * SECURITY UPDATE: double-free when reading proxy language
    - debian/patches/CVE-2017-5334.patch: fix double-free in
      lib/x509/x509_ext.c.
    - CVE-2017-5334
  * SECURITY UPDATE: out of memory error in stream reading functions
    - debian/patches/CVE-2017-5335.patch: add error checking to
      lib/opencdk/read-packet.c.
    - CVE-2017-5335
  * SECURITY UPDATE: stack overflow in cdk_pk_get_keyid
    - debian/patches/CVE-2017-5336.patch: check return code in
      lib/opencdk/pubkey.c.
    - CVE-2017-5336
  * SECURITY UPDATE: heap read overflow when reading streams
    - debian/patches/CVE-2017-5337.patch: add more precise checks to
      lib/opencdk/read-packet.c.
    - CVE-2017-5337
  * debian/patches/fix_expired_certs.patch: use datefudge to fix test with
    expired certs.

 -- Marc Deslauriers <email address hidden> Thu, 26 Jan 2017 10:14:03 -0500

CVE-2016-7444 The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCS
CVE-2016-8610 SSL/TLS SSL3_AL_WARNING undefined alert DoS

Version: 3.4.10-4ubuntu1.1 2016-06-28 10:06:45 UTC

  gnutls28 (3.4.10-4ubuntu1.1) xenial-proposed; urgency=medium

  * SRU: LP: #1592693.
  * gnutls-doc: Don't install the sgml files, not building with gtk-doc-tools
    in xenial.

 -- Matthias Klose <email address hidden> Wed, 15 Jun 2016 10:00:17 +0200

1592693 gnutls28 fails to build in xenial