Synopsis: Moderate: gnutls security update
Issue Date: 2013-03-04
CVE Numbers: CVE-2013-1619
—
It was discovered that GnuTLS leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-1619)
For the update to take effect, all applications linked to the GnuTLS
library must be restarted, or the system rebooted.
—
SL5
x86_64
gnutls-1.4.1-10.el5_9.1.i386.rpm
gnutls-1.4.1-10.el5_9.1.x86_64.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.x86_64.rpm
gnutls-utils-1.4.1-10.el5_9.1.x86_64.rpm
gnutls-devel-1.4.1-10.el5_9.1.i386.rpm
gnutls-devel-1.4.1-10.el5_9.1.x86_64.rpm
i386
gnutls-1.4.1-10.el5_9.1.i386.rpm
gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm
gnutls-utils-1.4.1-10.el5_9.1.i386.rpm
gnutls-devel-1.4.1-10.el5_9.1.i386.rpm
SL6
x86_64
gnutls-2.8.5-10.el6_4.1.i686.rpm
gnutls-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-utils-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-devel-2.8.5-10.el6_4.1.i686.rpm
gnutls-devel-2.8.5-10.el6_4.1.x86_64.rpm
gnutls-guile-2.8.5-10.el6_4.1.i686.rpm
gnutls-guile-2.8.5-10.el6_4.1.x86_64.rpm
i386
gnutls-2.8.5-10.el6_4.1.i686.rpm
gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
gnutls-utils-2.8.5-10.el6_4.1.i686.rpm
gnutls-devel-2.8.5-10.el6_4.1.i686.rpm
gnutls-guile-2.8.5-10.el6_4.1.i686.rpm
– Scientific Linux Development Team
