ALT Linux Team

Package gnutls30 update in p8 on 2018-12-28

ALT-PU-2018-2976-1

Package gnutls30 updated to version 3.6.5-alt2.M80P.1 for branch p8 in task 217493.

Closed vulnerabilities

Published: 2018-11-30

BDU:2019-00776

Уязвимость криптографической библиотеки GnuTLS, связанная с ошибкой проверки дешифрованных данных RSA, позволяющая нарушителю получить доступ к защищаемой информации

Severity: MEDIUM (4.7) Vector: AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2018-12-03
Modified: 2024-11-21

CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

Severity: MEDIUM (5.6) Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
References:

Closed bugs

Bug #35414

Рассмотреть вопрос об обновлении gnutls до версии 3.6.3 с поддержкой ГОСТ-овой криптографии

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top