OVAL

MDVSA-2013:019 -- Mandriva gnutls

ID: oval:org.secpod.oval:def:1300166
Date: (C)2013-04-08   (M)2018-10-04
Class: PATCH
Family: unix




Multiple vulnerabilities have been found and corrected in gnutls:

A flaw was found in the way the TLS/SSL protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session. This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746.

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

The updated packages have been patched to correct these issues.

Platform:
Mandriva Enterprise Server 5.2
Product:
gnutls
Reference:
MDVSA-2013:019
CVE-2009-3555
CVE-2013-0169
CVE-2013-1619

© SecPod Technologies