drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Problem in SSL-Verschlüsselung in GnuTLS
Name: |
Problem in SSL-Verschlüsselung in GnuTLS |
|
ID: |
USN-1752-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10 |
|
Datum: |
Mi, 27. Februar 2013, 15:32 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619 |
|
Applikationen: |
GNU Transport Layer Security Library |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============6126308485377735149== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigD95D442485ADAC22F6CE035B"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigD95D442485ADAC22F6CE035B Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1752-1 February 27, 2013
gnutls13, gnutls26 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS
Summary:
GnuTLS could be made to expose sensitive information over the network.
Software Description: - gnutls26: GNU TLS library - gnutls13: GNU TLS library
Details:
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: libgnutls26 2.12.14-5ubuntu4.2
Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.2
Ubuntu 11.10: libgnutls26 2.10.5-1ubuntu3.3
Ubuntu 10.04 LTS: libgnutls26 2.8.5-2ubuntu0.3
Ubuntu 8.04 LTS: libgnutls13 2.0.4-1ubuntu2.9
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1752-1 CVE-2013-1619
Package Information: https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu4.2 https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.2 https://launchpad.net/ubuntu/+source/gnutls26/2.10.5-1ubuntu3.3 https://launchpad.net/ubuntu/+source/gnutls26/2.8.5-2ubuntu0.3 https://launchpad.net/ubuntu/+source/gnutls13/2.0.4-1ubuntu2.9
--------------enigD95D442485ADAC22F6CE035B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRLhAIAAoJEGVp2FWnRL6TfVsP/2RrfhRI4BMxHR/g2ALF8q1B rb/M9upCSwIieVkJ3KwQyTMMCpvKL3d70xQQ03RrBRxnIGNoywkDk+q+CvVA2n5i WcrYTrVRNtEVzgRNiNJrcME6soDMJ5MrqJs82hLKX9XcXMUWPP6KE6MZ95B/rglH NjtkBS9lOXEiX2tYIR7YDH+7ZD17z/GOKecl8NaN/yOut47DOo7wujJuOqYykz9J ojc6jKPPML77hIhyLnK0HJ+eu6YYw87UVylhgodNNreOidZ28VRB1XnTgVmIv2Ze 1pC4AbK/pDhrplJykunaPgZcZs37wsO63d6UGqGvrIASeqjTYTg0IztEhEAqK1x3 xt25U9lXI30C73njQ8Wm+gRd7cJyA/ZxkItCC0xaFanZUTaD2Wnz4qCTd/XEco0w Z+7N8Yu3EY9HwQjykMkYEWm/kDQ/ilJYuu1VQ6HO5HtvtHiwfkgA/pPHMRlY9rDl p4r5Yhb0mgcF5EVEhLzAIbuFJRgUyBN8dBYWLOETsJ8W7qKGwO0HLseGXJlghx1q uzTdMMWUP6alGHwRwBphckCiblc0l+l+QDOyLEJVq+C/zhDEZYoKjR8ZoF2gkXL7 hFKwZ0A+qIFGA/XgJjrRT0RhyxceujRetg9EyCAOjOi5TU8ihpXKW0qoT1wWuUvz Vp3pXbKcP0gxDJFD1ckI =2OaR -----END PGP SIGNATURE-----
--------------enigD95D442485ADAC22F6CE035B--
--===============6126308485377735149== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6126308485377735149==--
|
|
|
|