[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1UO6zo-0004ra-EF@titan.mandriva.com>
Date: Fri, 05 Apr 2013 15:48:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:040 ] gnutls
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:040
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : gnutls
Date : April 5, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Nadhem Alfardan and Kenny Paterson devised an attack that recovers
some bits of the plaintext of a GnuTLS session that utilizes that
CBC ciphersuites, by using timing information (CVE-2013-1619).
The gnutls package has been updated to latest 3.0.28 version to fix
above problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0050
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
942151b0666c9b58dec41ac9e6b84bac mbs1/x86_64/gnutls-3.0.28-1.mbs1.x86_64.rpm
a11ec1c9901d1e60525241e4fb7b3328 mbs1/x86_64/lib64gnutls28-3.0.28-1.mbs1.x86_64.rpm
5ab8a36480a1d286b51039e082cd6198 mbs1/x86_64/lib64gnutls-devel-3.0.28-1.mbs1.x86_64.rpm
a269eabac3f59f8c97521a1a372f8ffb mbs1/x86_64/lib64gnutls-ssl27-3.0.28-1.mbs1.x86_64.rpm
06ddda051bcdd9787c1b55732994df95 mbs1/x86_64/lib64tasn1_3-2.14-1.mbs1.x86_64.rpm
4e4baa2bc639b93ad1d372af7ad8b8ec mbs1/x86_64/lib64tasn1-devel-2.14-1.mbs1.x86_64.rpm
9554ffa6981c65d56214ec731c27494e mbs1/x86_64/libtasn1-tools-2.14-1.mbs1.x86_64.rpm
4a46d2f718c65a76c55af4161e3d9d72 mbs1/SRPMS/gnutls-3.0.28-1.mbs1.src.rpm
03c3cec31c63d818223aa6ec87bfba73 mbs1/SRPMS/libtasn1-2.14-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRXqv1mqjQ0CJFipgRAs9sAKCh4WZULtBW4yVLfGZ0QN2TgWscRgCdHTX4
Zxgfgl9XjV6TRIYuNnrREp8=
=Wocj
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists