What is the severity of USN-3183-1?

The severity of USN-3183-1 is categorized as critical due to potential bypass of certificate validation.

How do I fix USN-3183-1?

To fix USN-3183-1, upgrade to the patched version of GnuTLS as specified in the advisory for your Ubuntu version.

Which Ubuntu versions are affected by USN-3183-1?

USN-3183-1 affects Ubuntu versions 16.04 LTS, 16.10, 14.04 LTS, and 12.04 LTS with specific GnuTLS package versions.

What is the impact of not addressing USN-3183-1?

Failing to address USN-3183-1 can result in a remote attacker bypassing certificate validation, leading to security breaches.

Who discovered the vulnerability detailed in USN-3183-1?

The vulnerability in USN-3183-1 was discovered by researcher Stefan Buehler.

Vulnerability/
USN-3183-1

1/2/2017

USN-3183-1: GnuTLS vulnerabilities

First published: Wed Feb 01 2017(Updated: )

Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610) It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334) It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)

Affected Software	Affected Version	How to fix
All of
ubuntu/libgnutls30	<3.5.3-5ubuntu1.1	3.5.3-5ubuntu1.1
Ubuntu gir1.2-packagekitglib-1.0	=16.10
All of
ubuntu/libgnutls30	<3.4.10-4ubuntu1.2	3.4.10-4ubuntu1.2
Ubuntu gir1.2-packagekitglib-1.0	=16.04
All of
ubuntu/libgnutls26	<2.12.23-12ubuntu2.6	2.12.23-12ubuntu2.6
Ubuntu gir1.2-packagekitglib-1.0	=14.04
All of
ubuntu/libgnutls26	<2.12.14-5ubuntu3.13	2.12.14-5ubuntu3.13
Ubuntu gir1.2-packagekitglib-1.0	=12.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-3183-1?
The severity of USN-3183-1 is categorized as critical due to potential bypass of certificate validation.
How do I fix USN-3183-1?
To fix USN-3183-1, upgrade to the patched version of GnuTLS as specified in the advisory for your Ubuntu version.
Which Ubuntu versions are affected by USN-3183-1?
USN-3183-1 affects Ubuntu versions 16.04 LTS, 16.10, 14.04 LTS, and 12.04 LTS with specific GnuTLS package versions.
What is the impact of not addressing USN-3183-1?
Failing to address USN-3183-1 can result in a remote attacker bypassing certificate validation, leading to security breaches.
Who discovered the vulnerability detailed in USN-3183-1?
The vulnerability in USN-3183-1 was discovered by researcher Stefan Buehler.

agent/severity
agent/type
agent/last-modified-date
agent/first-publish-date
agent/title
agent/references
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu gir1.2-packagekitglib-1.0
version/ubuntu gir1.2-packagekitglib-1.0/16.10
version/ubuntu gir1.2-packagekitglib-1.0/16.04
version/ubuntu gir1.2-packagekitglib-1.0/14.04
version/ubuntu gir1.2-packagekitglib-1.0/12.04