Headline
Ubuntu Security Notice USN-5750-1
Ubuntu Security Notice 5750-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service.
=========================================================================
Ubuntu Security Notice USN-5750-1
November 30, 2022

gnutls28 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

GnuTLS could be made to crash if it received specially crafted network
traffic from an authenticated client.

Software Description:
- gnutls28: GNU TLS library

Details:

It was discovered that GnuTLS incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause GnuTLS
to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libgnutls30 3.4.10-4ubuntu1.9+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5750-1
  CVE-2021-4209
Related news
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
Ubuntu Security Notice 5550-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that GnuTLS incorrectly handled the verification of certain pkcs7 signatures. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.
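The zero-length hash update problem described in the NULL pointer dereference entry above, as an added C example (not GnuTLS or Nettle code): a constructed toy hash whose buffered update calls memcpy, next to a wrapper that treats empty input as a no-op. All names (toy_ctx, toy_update_raw, toy_update, hash_two) and the FNV-style mixing are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed toy hash for illustration; not Nettle or GnuTLS code. */
#define BLOCK 16
struct toy_ctx { uint8_t block[BLOCK]; size_t index; uint64_t state; };
/* Mix the first n buffered bytes into the state and empty the buffer. */
static void toy_compress(struct toy_ctx *c, size_t n) {
    for (size_t i = 0; i < n; i++)
        c->state = (c->state ^ c->block[i]) * 0x100000001b3ULL;
    c->index = 0;
}

/* Unguarded update: len == 0 still calls memcpy, so NULL data is UB. */
static void toy_update_raw(struct toy_ctx *c, const uint8_t *data, size_t len) {
    size_t left = BLOCK - c->index;
    if (len < left) {
        memcpy(c->block + c->index, data, len);
        c->index += len;
        return;
    }
    memcpy(c->block + c->index, data, left);
    toy_compress(c, BLOCK);
    for (data += left, len -= left; len >= BLOCK; data += BLOCK, len -= BLOCK) {
        memcpy(c->block, data, BLOCK);
        toy_compress(c, BLOCK);
    }
    memcpy(c->block, data, len);
    c->index = len;
}

/* Guarded wrapper: empty input is a no-op and never reaches memcpy. */
static int toy_update(struct toy_ctx *c, const void *data, size_t len) {
    if (len == 0) return 0;
    if (data == NULL) return -1;  /* length without a buffer: caller bug */
    toy_update_raw(c, data, len);
    return 0;
}

/* Hash a then b, optionally with empty (NULL, 0) updates around them. */
static uint64_t hash_two(const char *a, const char *b, int with_empty) {
    struct toy_ctx c = { .state = 0xcbf29ce484222325ULL };
    if (with_empty) toy_update(&c, NULL, 0);
    toy_update(&c, a, strlen(a));
    if (with_empty) toy_update(&c, NULL, 0);
    toy_update(&c, b, strlen(b));
    toy_compress(&c, c.index);  /* flush the partial block */
    return c.state;
}
int main(void) { return hash_two("ab", "c", 1) == hash_two("abc", "", 0) ? 0 : 1; }
```

Building with `-fsanitize=undefined` and calling `toy_update_raw` directly with `(NULL, 0)` makes the sanitizer report the null argument to memcpy, which the wrapper avoids.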