View Full Version : USN-613-1: GnuTLS vulnerabilities

May 21st, 2008, 07:10 PM
Referenced CVEs:
CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

================================================== ========= Ubuntu Security Notice USN-613-1 May 21, 2008 gnutls12, gnutls13 vulnerabilities CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libgnutls12 1.2.9-2ubuntu1.2 Ubuntu 7.04: libgnutls13 1.4.4-3ubuntu0.1 Ubuntu 7.10: libgnutls13 1.6.3-1ubuntu0.1 Ubuntu 8.04 LTS: libgnutls13 2.0.4-1ubuntu2.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Multiple flaws were discovered in the connection handling of GnuTLS. A remote attacker could exploit this to crash applications linked against GnuTLS, or possibly execute arbitrary code with permissions of the application's user.

More... (http://www.ubuntu.com/usn/usn-613-1)