Описание
ELSA-2014-0246: gnutls security update (IMPORTANT)
[2.8.5-13]
- fix CVE-2014-0092 (#1069890)
[2.8.5-12]
- fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619 upstream patch (#966754)
[2.8.5-11]
- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
gnutls
2.8.5-13.el6_5
gnutls-devel
2.8.5-13.el6_5
gnutls-guile
2.8.5-13.el6_5
gnutls-utils
2.8.5-13.el6_5
Oracle Linux i686
gnutls
2.8.5-13.el6_5
gnutls-devel
2.8.5-13.el6_5
gnutls-guile
2.8.5-13.el6_5
gnutls-utils
2.8.5-13.el6_5
Связанные CVE
Связанные уязвимости
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does ...
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.