Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

Related bugs and status

CVE-2012-1573 (Candidate) is related to these bugs:

Bug #978661: [Precise] gnutls26 is vulnerable to CVE-2012-1573

Summary				In	Importance	Status
	978661	[Precise] gnutls26 is vulnerable to CVE-2012-1573		gnutls26 (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [gnutls-devel] 2012030...
MLIST: [gnutls-devel] 2012030...
MLIST: [oss-security] 2012032...
MLIST: [oss-security] 2012032...
MISC: http://blog.mudynamics...
CONFIRM: http://git.savannah.gn...
CONFIRM: http://git.savannah.gn...
CONFIRM: http://www.gnu.org/sof...
CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2012:0429
OSVDB: 80259
SECUNIA: 48596
UBUNTU: USN-1418-1
BUGTRAQ: 20120320 Mu Dynamics, ...
SECTRACK: 1026828
SECUNIA: 48488
SECUNIA: 48712
REDHAT: RHSA-2012:0488
REDHAT: RHSA-2012:0531
SUSE: SUSE-SU-2014:0320
SECUNIA: 57260
FEDORA: FEDORA-2012-4569
SECUNIA: 48511
FEDORA: FEDORA-2012-4578
BID: 52667
DEBIAN: DSA-2441
MANDRIVA: MDVSA-2012:040