CVE-2014-3466

Publication date 1 June 2014

Last updated 24 July 2024


Ubuntu priority

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.

Status

| Package | Ubuntu Release | Status |
|---|---|---|
| gnutls26 | 15.04 vivid | Not in release |
| gnutls26 | 14.10 utopic | Fixed 2.12.23-15ubuntu2 |
| gnutls26 | 14.04 LTS trusty | Fixed 2.12.23-12ubuntu2.1 |
| gnutls26 | 13.10 saucy | Fixed 2.12.23-1ubuntu4.3 |
| gnutls26 | 12.04 LTS precise | Fixed 2.12.14-5ubuntu3.8 |
| gnutls26 | 10.04 LTS lucid | Fixed 2.8.5-2ubuntu0.6 |
| gnutls28 | 15.04 vivid | Not affected |
| gnutls28 | 14.10 utopic | Not affected |
| gnutls28 | 14.04 LTS trusty | Fixed 3.2.11-2ubuntu1.1 |
| gnutls28 | 13.10 saucy | Ignored end of life |
| gnutls28 | 12.04 LTS precise | Fixed 3.0.11-1ubuntu2.1 |
| gnutls28 | 10.04 LTS lucid | Not in release |

Patch details

For informational purposes only. We recommend not cherry-picking updates.

Package Patch details
gnutls26
gnutls28
