============================================================================ Ubuntu Security Notice USN-1843-1 May 29, 2013 gnutls26 vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: GnuTLS could be made to crash if it received specially crafted network traffic. Software Description: - gnutls26: GNU TLS library Details: It was discovered that GnuTLS incorrectly handled certain padding bytes. A remote attacker could use this flaw to cause an application using GnuTLS to crash, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.04: libgnutls26 2.12.23-1ubuntu1.1 Ubuntu 12.10: libgnutls26 2.12.14-5ubuntu4.3 Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.4 Ubuntu 10.04 LTS: libgnutls26 2.8.5-2ubuntu0.4 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1843-1 CVE-2013-2116 Package Information: https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-1ubuntu1.1 https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu4.3 https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.4 https://launchpad.net/ubuntu/+source/gnutls26/2.8.5-2ubuntu0.4