CVE-2014-3466

Publication date 1 June 2014

Last updated 24 July 2024

Ubuntu priority

Description

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gnutls28	15.04 vivid	Not affected
	14.10 utopic	Not affected
	14.04 LTS trusty	Fixed 3.2.11-2ubuntu1.1
	13.10 saucy	Ignored end of life
	12.04 LTS precise	Fixed 3.0.11-1ubuntu2.1
	10.04 LTS lucid	Not in release
gnutls26	15.04 vivid	Not in release
	14.10 utopic	Fixed 2.12.23-15ubuntu2
	14.04 LTS trusty	Fixed 2.12.23-12ubuntu2.1
	13.10 saucy	Fixed 2.12.23-1ubuntu4.3
	12.04 LTS precise	Fixed 2.12.14-5ubuntu3.8
	10.04 LTS lucid	Fixed 2.8.5-2ubuntu0.6

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
gnutls28	Upstream: 688ea64 Upstream: a7be326
gnutls26	Upstream: 8923804

References

Related Ubuntu Security Notices (USN)

USN-2229-1
GnuTLS vulnerability
2 June 2014