Ubuntu Security Notice 5029-1 - It was discovered that GnuTLS incorrectly handled sending certain extensions when being used as a client. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.
5768db6a331223ad45e9fe4bd50774650b9e2174686a39d3fa1b3829ceffe19e
==========================================================================
Ubuntu Security Notice USN-5029-1
August 02, 2021
gnutls28 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in GnuTLS.
Software Description:
- gnutls28: GNU TLS library
Details:
It was discovered that GnuTLS incorrectly handled sending certain
extensions when being used as a client. A remote attacker could use this
issue to cause GnuTLS to crash, resulting in a denial of service, or
possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libgnutls30 3.6.13-2ubuntu1.6
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5029-1
CVE-2021-20231, CVE-2021-20232
Package Information:
https://launchpad.net/ubuntu/+source/gnutls28/3.6.13-2ubuntu1.6