CVE-2014-3466
Published: 1 June 2014
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
Priority
Status
Package | Release | Status |
---|---|---|
gnutls26 | lucid | Released (2.8.5-2ubuntu0.6) |
gnutls26 | precise | Released (2.12.14-5ubuntu3.8) |
gnutls26 | saucy | Released (2.12.23-1ubuntu4.3) |
gnutls26 | trusty | Released (2.12.23-12ubuntu2.1) |
gnutls26 | upstream | Needs triage |
gnutls26 | utopic | Released (2.12.23-15ubuntu2) |
gnutls26 | vivid | Does not exist |
gnutls28 | lucid | Does not exist |
gnutls28 | precise | Released (3.0.11-1ubuntu2.1) |
gnutls28 | saucy | Ignored (end of life) |
gnutls28 | trusty | Released (3.2.11-2ubuntu1.1) |
gnutls28 | upstream | Released (3.1.25, 3.2.15, 3.3.4) |
gnutls28 | utopic | Not vulnerable (3.2.15-1) |
gnutls28 | vivid | Not vulnerable (3.2.15-1) |

Patches (gnutls26):
upstream: https://www.gitorious.org/gnutls/gnutls/commit/89238044ade02c4d80e334ab74056ef28599663d

Patches (gnutls28):
upstream: https://www.gitorious.org/gnutls/gnutls/commit/688ea6428a432c39203d00acd1af0e7684e5ddfd
upstream: https://www.gitorious.org/gnutls/gnutls/commit/a7be326f0e33cf7ce52b36474c157f782d9ca977