Lucene search

K
ubuntuUbuntuUSN-1752-1
HistoryFeb 27, 2013 - 12:00 a.m.

GnuTLS vulnerability

2013-02-2700:00:00
ubuntu.com
33

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

75.2%

Releases

  • Ubuntu 12.10
  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 10.04
  • Ubuntu 8.04

Packages

  • gnutls13 - GNU TLS library
  • gnutls26 - GNU TLS library

Details

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used
in GnuTLS was vulnerable to a timing side-channel attack known as the
“Lucky Thirteen” issue. A remote attacker could use this issue to perform
plaintext-recovery attacks via analysis of timing data.

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchlibgnutls13< 2.0.4-1ubuntu2.9UNKNOWN
Ubuntu8.04noarchgnutls-bin< 2.0.4-1ubuntu2.9UNKNOWN
Ubuntu8.04noarchlibgnutls-dev< 2.0.4-1ubuntu2.9UNKNOWN
Ubuntu8.04noarchlibgnutls13-dbg< 2.0.4-1ubuntu2.9UNKNOWN
Ubuntu8.04noarchlibgnutlsxx13< 2.0.4-1ubuntu2.9UNKNOWN
Ubuntu12.10noarchlibgnutls26< 2.12.14-5ubuntu4.2UNKNOWN
Ubuntu12.10noarchgnutls-bin< 3.0.11+really2.12.14-5ubuntu4.2UNKNOWN
Ubuntu12.10noarchlibgnutls-dev< 2.12.14-5ubuntu4.2UNKNOWN
Ubuntu12.10noarchlibgnutls-openssl27< 2.12.14-5ubuntu4.2UNKNOWN
Ubuntu12.10noarchlibgnutls26-dbg< 2.12.14-5ubuntu4.2UNKNOWN
Rows per page:
1-10 of 281

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

75.2%