[Bug 1166634] Re: gnutls26 crashes on particularly malformed crypt stream
Andreas Metzler
1166634 at bugs.launchpad.net
Sat May 25 09:47:18 UTC 2013
See upstream commit
https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls26 in Ubuntu.
https://bugs.launchpad.net/bugs/1166634
Title:
gnutls26 crashes on particularly malformed crypt stream
Status in “gnutls26” package in Ubuntu:
New
Bug description:
The patch for CVE-2013-1619 has a bug. It fails to do proper range
protection. The attached patch may not be correct insofar as
reintroducing a timing exposure; but it does stop the segfaults, which
are perhaps more problematic.
This is a security issue becuase crashes in libgnutls are inherently
security issues.
I triggered this by trying to access https URLs via an "all_proxy" in
libcurl-gnutls.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1166634/+subscriptions
More information about the foundations-bugs
mailing list