The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).
It was discovered that GnuTLS leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-1619)
Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all applications linked to the GnuTLS library must be restarted,
or the system rebooted.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | s390 | gnutls-guile | < 2.8.5-10.el6_4.1 | gnutls-guile-2.8.5-10.el6_4.1.s390.rpm |
RedHat | 6 | i686 | gnutls-guile | < 2.8.5-10.el6_4.1 | gnutls-guile-2.8.5-10.el6_4.1.i686.rpm |
RedHat | 5 | x86_64 | gnutls-devel | < 1.4.1-10.el5_9.1 | gnutls-devel-1.4.1-10.el5_9.1.x86_64.rpm |
RedHat | 5 | s390x | gnutls-debuginfo | < 1.4.1-10.el5_9.1 | gnutls-debuginfo-1.4.1-10.el5_9.1.s390x.rpm |
RedHat | 6 | ppc | gnutls-devel | < 2.8.5-10.el6_4.1 | gnutls-devel-2.8.5-10.el6_4.1.ppc.rpm |
RedHat | 5 | s390 | gnutls-devel | < 1.4.1-10.el5_9.1 | gnutls-devel-1.4.1-10.el5_9.1.s390.rpm |
RedHat | 5 | ppc | gnutls-utils | < 1.4.1-10.el5_9.1 | gnutls-utils-1.4.1-10.el5_9.1.ppc.rpm |
RedHat | 6 | x86_64 | gnutls-debuginfo | < 2.8.5-10.el6_4.1 | gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm |
RedHat | 6 | s390 | gnutls-debuginfo | < 2.8.5-10.el6_4.1 | gnutls-debuginfo-2.8.5-10.el6_4.1.s390.rpm |
RedHat | 6 | x86_64 | gnutls-devel | < 2.8.5-10.el6_4.1 | gnutls-devel-2.8.5-10.el6_4.1.x86_64.rpm |