Lucene search

K
redhatRedHatRHSA-2013:0588
HistoryMar 04, 2013 - 12:00 a.m.

(RHSA-2013:0588) Moderate: gnutls security update

2013-03-0400:00:00
access.redhat.com
18

EPSS

0.004

Percentile

75.2%

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

It was discovered that GnuTLS leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-1619)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all applications linked to the GnuTLS library must be restarted,
or the system rebooted.