[Bug 1630544] [NEW] CVE-2016-7444 vulnerability
Derec
1630544 at bugs.launchpad.net
Wed Oct 5 11:29:01 UTC 2016
Public bug reported:
From: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7444
Vulnerability Summary for CVE-2016-7444
Original release date: 09/27/2016
Last revised: 09/28/2016
Source: US-CERT/NIST
Overview
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS
before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length
of an OCSP response, which might allow remote attackers to bypass an
intended certificate validation mechanism via vectors involving trailing
bytes left by gnutls_malloc.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7444 lists all versions pre-3.4.15 as vulnerable, so 26 (2.12) should be assumed to be vulnerable.
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7444 lists gnutls28 as vulnerable but does not mention gnutls26.
** Affects: gnutls26 (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1630544
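As an added illustration of the check the NVD text says was missing (this is not the GnuTLS source and not part of the bug report; all names and the sample serials are constructed), a certificate serial and the serial in an OCSP single response must agree in length as well as in content, otherwise stale trailing bytes in a longer buffer are ignored and a prefix match is accepted:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A DER INTEGER serial number as (pointer, length). Hypothetical type. */
typedef struct {
    const uint8_t *data;
    size_t size;
} serial_t;

/* Prefix-only comparison (the flaw class NVD describes): only as many
 * bytes as the certificate serial has are compared, so a response buffer
 * that is longer but starts with the same bytes still "matches".
 * The bounds guard only prevents an over-read; it does not fix the logic. */
int serial_match_prefix_only(const serial_t *cert, const serial_t *resp)
{
    if (resp->size < cert->size)
        return 0;
    return memcmp(cert->data, resp->data, cert->size) == 0;
}

/* Hardened comparison: the lengths must agree before any bytes are
 * compared, so trailing bytes in either buffer produce a mismatch. */
int serial_match_checked(const serial_t *cert, const serial_t *resp)
{
    if (cert->size != resp->size)
        return 0;
    return memcmp(cert->data, resp->data, cert->size) == 0;
}

/* Constructed sample: certificate serial 01 02, and an OCSP response
 * serial buffer that holds 01 02 followed by two stale bytes AA BB. */
static const uint8_t cert_serial[] = {0x01, 0x02};
static const uint8_t resp_serial_trailing[] = {0x01, 0x02, 0xAA, 0xBB};
static const uint8_t resp_serial_exact[] = {0x01, 0x02};

/* checked: 0 = prefix-only, 1 = length-checked; trailing: use the
 * buffer with stale bytes. Returns 1 on "match", 0 on mismatch. */
int demo_serial_match(int checked, int trailing)
{
    serial_t cert = {cert_serial, sizeof cert_serial};
    serial_t resp = trailing
        ? (serial_t){resp_serial_trailing, sizeof resp_serial_trailing}
        : (serial_t){resp_serial_exact, sizeof resp_serial_exact};
    return checked ? serial_match_checked(&cert, &resp)
                   : serial_match_prefix_only(&cert, &resp);
}
```

The prefix-only comparator accepts the buffer with trailing bytes; the length-checked one rejects it and still accepts the exact-length serial.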