Lucene search

K
slackwareSlackware Linux ProjectSSA-2013-242-01
HistoryAug 30, 2013 - 7:46 a.m.

[slackware-security] gnutls

2013-08-3007:46:14
Slackware Linux Project
www.slackware.com
18

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

EPSS

0.004

Percentile

75.2%

New gnutls packages are available for Slackware 14.0, and -current to fix a
security issue.

Here are the details from the Slackware 14.0 ChangeLog:

patches/packages/gnutls-3.0.26-i486-1_slack14.0.txz: Upgraded.
This update prevents a side-channel attack which may allow remote attackers
to conduct distinguishing attacks and plaintext recovery attacks using
statistical analysis of timing data for crafted packets.
For more information, see:
https://vulners.com/cve/CVE-2013-1619
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnutls-3.0.26-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnutls-3.0.26-x86_64-1_slack14.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.0.26-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.0.26-x86_64-1.txz

MD5 signatures:

Slackware 14.0 package:
b4871658060b56ee03e2d04a9d5b96e4 gnutls-3.0.26-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
976ca3bf65238d75a027cb2203cf9612 gnutls-3.0.26-x86_64-1_slack14.0.txz

Slackware -current package:
16e99934d07c8aab09016e0cb2c6cfa1 n/gnutls-3.0.26-i486-1.txz

Slackware x86_64 -current package:
dffa995fb8369f1c7afd7342dd31697e n/gnutls-3.0.26-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg gnutls-3.0.26-i486-1_slack14.0.txz

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

EPSS

0.004

Percentile

75.2%