It was discovered that a malicious client could crash a GNUTLS server and vice versa, by sending TLS records encrypted with a block cipher which contain invalid padding. The oldstable distribution is not affected because the security fix that introduced this vulnerability was not applied to it.