Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a machine-in-the-middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.
{ "availability": "No subscription required", "binaries": [ { "gnutls26-doc": "2.12.23-12ubuntu2.1", "libgnutls26-dbg": "2.12.23-12ubuntu2.1", "libgnutlsxx27": "2.12.23-12ubuntu2.1", "libgnutls26": "2.12.23-12ubuntu2.1", "gnutls-bin": "3.0.11+really2.12.23-12ubuntu2.1", "libgnutls-openssl27": "2.12.23-12ubuntu2.1", "libgnutls-dev": "2.12.23-12ubuntu2.1" } ] }