[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2013:019 -- Mandriva gnutls

ID: oval:org.secpod.oval:def:1300166Date: (C)2013-04-08   (M)2017-09-22
Class: PATCHFamily: unix




Multiple vulnerabilities has been found and corrected in gnutls: A flaw was found in the way the TLS/SSL protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session . This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746 . The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169 . The updated packages have been patched to correct these issues.

Platform:
Mandriva Enterprise Server 5.2
Product:
gnutls
Reference:
MDVSA-2013:019
CVE-2009-3555
CVE-2013-0169
CVE-2013-1619
CVE    3
CVE-2009-3555
CVE-2013-0169
CVE-2013-1619
CPE    182
cpe:/a:gnu:gnutls:2.12.16
cpe:/a:gnu:gnutls:2.12.15
cpe:/a:gnu:gnutls:2.12.19
cpe:/a:gnu:gnutls:2.12.18
...

© 2013 SecPod Technologies