RHSA-2013:0588-01 -- Redhat gnutlsID: oval:org.secpod.oval:def:501008 | Date: (C)2013-03-09 (M)2023-12-07 |
Class: PATCH | Family: unix |
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
Platform: |
Red Hat Enterprise Linux 6 |
Red Hat Enterprise Linux 5 |