A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
{
"binaries": [
{
"binary_version": "3.0.11+really2.12.23-12ubuntu2.8",
"binary_name": "gnutls-bin"
},
{
"binary_version": "2.12.23-12ubuntu2.8",
"binary_name": "libgnutls-dev"
},
{
"binary_version": "2.12.23-12ubuntu2.8",
"binary_name": "libgnutls-openssl27"
},
{
"binary_version": "2.12.23-12ubuntu2.8",
"binary_name": "libgnutls26"
},
{
"binary_version": "2.12.23-12ubuntu2.8",
"binary_name": "libgnutlsxx27"
}
]
}
{
"binaries": [
{
"binary_version": "3.4.10-4ubuntu1.9+esm1",
"binary_name": "gnutls-bin"
},
{
"binary_version": "3.4.10-4ubuntu1.9+esm1",
"binary_name": "guile-gnutls"
},
{
"binary_version": "3.4.10-4ubuntu1.9+esm1",
"binary_name": "libgnutls-dev"
},
{
"binary_version": "3.4.10-4ubuntu1.9+esm1",
"binary_name": "libgnutls-openssl27"
},
{
"binary_version": "3.4.10-4ubuntu1.9+esm1",
"binary_name": "libgnutls28-dev"
},
{
"binary_version": "3.4.10-4ubuntu1.9+esm1",
"binary_name": "libgnutls30"
},
{
"binary_version": "3.4.10-4ubuntu1.9+esm1",
"binary_name": "libgnutlsxx28"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
{
"binaries": [
{
"binary_version": "3.5.18-1ubuntu1.6",
"binary_name": "gnutls-bin"
},
{
"binary_version": "3.5.18-1ubuntu1.6",
"binary_name": "libgnutls-dane0"
},
{
"binary_version": "3.5.18-1ubuntu1.6",
"binary_name": "libgnutls-openssl27"
},
{
"binary_version": "3.5.18-1ubuntu1.6",
"binary_name": "libgnutls28-dev"
},
{
"binary_version": "3.5.18-1ubuntu1.6",
"binary_name": "libgnutls30"
},
{
"binary_version": "3.5.18-1ubuntu1.6",
"binary_name": "libgnutlsxx28"
}
],
"availability": "No subscription required"
}
{
"binaries": [
{
"binary_version": "3.6.13-2ubuntu1.7",
"binary_name": "gnutls-bin"
},
{
"binary_version": "3.6.13-2ubuntu1.7",
"binary_name": "guile-gnutls"
},
{
"binary_version": "3.6.13-2ubuntu1.7",
"binary_name": "libgnutls-dane0"
},
{
"binary_version": "3.6.13-2ubuntu1.7",
"binary_name": "libgnutls-openssl27"
},
{
"binary_version": "3.6.13-2ubuntu1.7",
"binary_name": "libgnutls28-dev"
},
{
"binary_version": "3.6.13-2ubuntu1.7",
"binary_name": "libgnutls30"
},
{
"binary_version": "3.6.13-2ubuntu1.7",
"binary_name": "libgnutlsxx28"
}
],
"availability": "No subscription required"
}