| |||||||||||||||||||
Ubuntu alert USN-1752-1 (gnutls13, gnutls26)
========================================================================== Ubuntu Security Notice USN-1752-1 February 27, 2013 gnutls13, gnutls26 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: GnuTLS could be made to expose sensitive information over the network. Software Description: - gnutls26: GNU TLS library - gnutls13: GNU TLS library Details: Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: libgnutls26 2.12.14-5ubuntu4.2 Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.2 Ubuntu 11.10: libgnutls26 2.10.5-1ubuntu3.3 Ubuntu 10.04 LTS: libgnutls26 2.8.5-2ubuntu0.3 Ubuntu 8.04 LTS: libgnutls13 2.0.4-1ubuntu2.9 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1752-1 CVE-2013-1619 Package Information: https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ub... https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ub... https://launchpad.net/ubuntu/+source/gnutls26/2.10.5-1ubu... https://launchpad.net/ubuntu/+source/gnutls26/2.8.5-2ubun... https://launchpad.net/ubuntu/+source/gnutls13/2.0.4-1ubun... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
|||||||||||||||||||