A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
{ "binaries": [ { "binary_name": "gnutls-bin", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "gnutls-bin-dbgsym", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "gnutls-doc", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "guile-gnutls", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "guile-gnutls-dbgsym", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutls-dev", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutls-openssl27", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutls-openssl27-dbgsym", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutls28-dev", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutls30", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutls30-dbgsym", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutlsxx28", "binary_version": "3.4.10-4ubuntu1.9+esm1" }, { "binary_name": "libgnutlsxx28-dbgsym", "binary_version": "3.4.10-4ubuntu1.9+esm1" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "gnutls-bin", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "gnutls-bin-dbgsym", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "gnutls-doc", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutls-dane0", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutls-dane0-dbgsym", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutls-openssl27", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutls-openssl27-dbgsym", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutls28-dev", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutls30", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutls30-dbgsym", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutlsxx28", "binary_version": "3.5.18-1ubuntu1.6" }, { "binary_name": "libgnutlsxx28-dbgsym", "binary_version": "3.5.18-1ubuntu1.6" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "gnutls-bin", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "gnutls-bin-dbgsym", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "gnutls-doc", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "guile-gnutls", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "guile-gnutls-dbgsym", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutls-dane0", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutls-dane0-dbgsym", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutls-openssl27", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutls-openssl27-dbgsym", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutls28-dev", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutls30", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutls30-dbgsym", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutlsxx28", "binary_version": "3.6.13-2ubuntu1.7" }, { "binary_name": "libgnutlsxx28-dbgsym", "binary_version": "3.6.13-2ubuntu1.7" } ], "availability": "No subscription required" }