Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in GNU Transport Layer Security Library
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in GNU Transport Layer Security Library
ID: USN-2821-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS
Datum: Di, 1. Dezember 2015, 07:36
Referenzen: https://launchpad.net/bugs/1510163
Applikationen: GNU Transport Layer Security Library

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6777996433410914631==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="bUnNMgClxKmbIQX0kcpn7946SsmrJKOnB"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--bUnNMgClxKmbIQX0kcpn7946SsmrJKOnB
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2821-1
November 30, 2015

gnutls26 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

GnuTLS could be made to expose sensitive information over the network.

Software Description:
- gnutls26: GNU TLS library

Details:

It was discovered that GnuTLS incorrectly validated the first byte of
padding in CBC modes. A remote attacker could possibly use this issue to
perform a padding oracle attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.3

Ubuntu 12.04 LTS:
libgnutls26 2.12.14-5ubuntu3.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2821-1
https://launchpad.net/bugs/1510163

Package Information:
https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-12ubuntu2.3
https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.10



--bUnNMgClxKmbIQX0kcpn7946SsmrJKOnB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJWXLO+AAoJEGVp2FWnRL6Tb/gP+gPd83r8uaB7+M4YYONCPdmH
mpgk+lxK3LXJfv0cZvcjxG+etuqe6K4cg54J6z19hlruAoO8TRH8OExd8LjbYjJo
U1uzB3u0poGpzP11qLLR/PyT3X+T/hajKNaO+9OC4LikRhXfhgtCm/ygWW+vi6qh
iOowjuH6jBDIR10avSck6NQznQL8jnPStG0/2sk07JzgUMMg0H3Ub4E/4ourMSTO
lv6tPtzf3vzmcgDnEWmQ1l8Socf3wXAUIIHqD0WyI5la4KVFjC/nJwkCBSmxYrrw
48phhCNHCZtVI29KSVgCvY0+DW2tGVl6qIBl/+CTVDoPEwEsomQOWwTXZummeJSC
zffDAwt0kY+l4pCLhYoRo1nCMAzc4IrpWHnMkRp6od6B83oOUewHoG0MBjBBY4C4
4jOGXcjXRJTGXvcAURgYfI1PKTBoofn5NyLWH0jcIaczq6FdwEG05DQKrAAoLp2N
VsHjMc+qSxJcwfwFZ5ywRHG6Jos5NzTcguwyMF7AFTP8De6rBPjUL621LOsADOzN
hVElwKmvQ5zlZbpUqBaqsUgLOcjDLdODOYbUae19TkjCnOXF5VRKUwb/nU6oBMYU
3U7FvM5cT+HU4KZusaKuIb4NZSfPE92bnV6ir0gOlg0wQHmLtSe0ukribF/B4BC1
WtL0Xh6gaf3vBBS3lb3v
=hlXu
-----END PGP SIGNATURE-----

--bUnNMgClxKmbIQX0kcpn7946SsmrJKOnB--


--===============6777996433410914631==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============6777996433410914631==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung