MGASA-2013-0050
| Date: | February 13th, 2013 |
| Affected releases: | 2 |
| Media: | Core |
Description:
Nadhem Alfardan and Kenny Paterson devised an attack that recovers
some bits of the plaintext of a GnuTLS session that utilizes that CBC
ciphersuites, by using timing information (CVE-2013-1619).
The gnutls package has been updated to latest 3.0.28 version to fix
above problem.
Updated Packages:
i586:
gnutls-3.0.28-3.mga2.i586.rpm
libgnutls28-3.0.28-3.mga2.i586.rpm
libgnutls-devel-3.0.28-3.mga2.i586.rpm
libgnutls-ssl27-3.0.28-3.mga2.i586.rpm
gnutls-debug-3.0.28-3.mga2.i586.rpm
libtasn1_3-2.14-1.mga2.i586.rpm
libtasn1-devel-2.14-1.mga2.i586.rpm
libtasn1-tools-2.14-1.mga2.i586.rpm
libtasn1-debug-2.14-1.mga2.i586.rpm
x86_64:
gnutls-3.0.28-3.mga2.x86_64.rpm
lib64gnutls28-3.0.28-3.mga2.x86_64.rpm
lib64gnutls-devel-3.0.28-3.mga2.x86_64.rpm
lib64gnutls-ssl27-3.0.28-3.mga2.x86_64.rpm
gnutls-debug-3.0.28-3.mga2.x86_64.rpm
lib64tasn1_3-2.14-1.mga2.x86_64.rpm
lib64tasn1-devel-2.14-1.mga2.x86_64.rpm
libtasn1-tools-2.14-1.mga2.x86_64.rpm
libtasn1-debug-2.14-1.mga2.x86_64.rpm
SRPMS:
gnutls-3.0.28-3.mga2.src.rpm
libtasn1-2.14-1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6578
https://bugs.mageia.org/show_bug.cgi?id=9038
