Описание
ELSA-2013-0588: gnutls security update (MODERATE)
[2.8.5-10.1]
- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
gnutls
1.4.1-10.el5_9.1
gnutls-devel
1.4.1-10.el5_9.1
gnutls-utils
1.4.1-10.el5_9.1
Oracle Linux x86_64
gnutls
1.4.1-10.el5_9.1
gnutls-devel
1.4.1-10.el5_9.1
gnutls-utils
1.4.1-10.el5_9.1
Oracle Linux i386
gnutls
1.4.1-10.el5_9.1
gnutls-devel
1.4.1-10.el5_9.1
gnutls-utils
1.4.1-10.el5_9.1
Oracle Linux 6
Oracle Linux x86_64
gnutls
2.8.5-10.el6_4.1
gnutls-devel
2.8.5-10.el6_4.1
gnutls-guile
2.8.5-10.el6_4.1
gnutls-utils
2.8.5-10.el6_4.1
Oracle Linux i686
gnutls
2.8.5-10.el6_4.1
gnutls-devel
2.8.5-10.el6_4.1
gnutls-guile
2.8.5-10.el6_4.1
gnutls-utils
2.8.5-10.el6_4.1
Связанные CVE
Связанные уязвимости
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, ...
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.