Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

gnutls28 vulnerabilities

Related Vulnerabilities: CVE-2015-3308   CVE-2015-6251  

GnuTLS could be made to crash or run programs if it processed a specially crafted certificate.

It was discovered that GnuTLS incorrectly handled parsing CRL distribution points. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2015-3308)

Source

1 September 2015

gnutls28 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04

Summary

GnuTLS could be made to crash or run programs if it processed a specially crafted certificate.

Software Description

  • gnutls28 - GNU TLS library

Details

It was discovered that GnuTLS incorrectly handled parsing CRL distribution points. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2015-3308)

Kurt Roeckx discovered that GnuTLS incorrectly handled a long DistinguishedName (DN) entry in a certificate. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2015-6251)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04
libgnutls-deb0-28 - 3.3.8-3ubuntu3.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started