==========================================================================
Ubuntu Security Notice USN-2821-1
November 30, 2015

gnutls26 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

GnuTLS could be made to expose sensitive information over the network.

Software Description:
– gnutls26: GNU TLS library

Details:

It was discovered that GnuTLS incorrectly validated the first byte of
padding in CBC modes. A remote attacker could possibly use this issue to
perform a padding oracle attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.3

Ubuntu 12.04 LTS:
libgnutls26 2.12.14-5ubuntu3.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2821-1
https://launchpad.net/bugs/1510163

Package Information:
https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-12ubuntu2.3
https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.10

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJWXLO+AAoJEGVp2FWnRL6Tb/gP+gPd83r8uaB7+M4YYONCPdmH
mpgk+lxK3LXJfv0cZvcjxG+etuqe6K4cg54J6z19hlruAoO8TRH8OExd8LjbYjJo
U1uzB3u0poGpzP11qLLR/PyT3X+T/hajKNaO+9OC4LikRhXfhgtCm/ygWW+vi6qh
iOowjuH6jBDIR10avSck6NQznQL8jnPStG0/2sk07JzgUMMg0H3Ub4E/4ourMSTO
lv6tPtzf3vzmcgDnEWmQ1l8Socf3wXAUIIHqD0WyI5la4KVFjC/nJwkCBSmxYrrw
48phhCNHCZtVI29KSVgCvY0+DW2tGVl6qIBl/+CTVDoPEwEsomQOWwTXZummeJSC
zffDAwt0kY+l4pCLhYoRo1nCMAzc4IrpWHnMkRp6od6B83oOUewHoG0MBjBBY4C4
4jOGXcjXRJTGXvcAURgYfI1PKTBoofn5NyLWH0jcIaczq6FdwEG05DQKrAAoLp2N
VsHjMc+qSxJcwfwFZ5ywRHG6Jos5NzTcguwyMF7AFTP8De6rBPjUL621LOsADOzN
hVElwKmvQ5zlZbpUqBaqsUgLOcjDLdODOYbUae19TkjCnOXF5VRKUwb/nU6oBMYU
3U7FvM5cT+HU4KZusaKuIb4NZSfPE92bnV6ir0gOlg0wQHmLtSe0ukribF/B4BC1
WtL0Xh6gaf3vBBS3lb3v
=hlXu
—–END PGP SIGNATURE—–
—