Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Ubuntu 20.04: 2020-3837d1b9d8 High OpenSSL Information Disclosure

fedora
Calendar Grey January 11, 2019
Dist Fedora Esm H88
Update Fedora 28 to secure against the CVE-2018-16868 vulnerability in GnuTLS. Run updates and check your package version for safety
Security fix for CVE-2018-16868

Summary

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS

protocols and technologies around them. It provides a simple C language

application programming interface (API) to access the secure communications

protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and

other required structures.

Security fix for CVE-2018-16868

* Wed Jan 2 2019 Anderson Sasaki - 3.6.5-1

- Updated to upstream 3.6.5 release

- Fixed CVE-2018-16868 (#1659095)

* Tue Sep 25 2018 Nikos Mavrogiannopoulos - 3.6.4-1

- Updated to upstream 3.6.4 release

- Added support for the latest version of the TLS1.3 protocol

- The TLS1.3 protocol remains disabled by default

- Enabled SHA1 support as SHA1 deprecation is handled via the

fedora crypto policies.

* Thu Aug 16 2018 Nikos Mavrogiannopoulos - 3.6.3-4

- Fixed gnutls-cli input reading

- Ensure that we do not cause issues with version rollback detection

and TLS1.3.

* Tue Aug 7 2018 Nikos Mavrogiannopoulos - 3.6.3-3

- Fixed ECDSA public key import (#1612803)

* Thu Jul 26 2018 Nikos Mavrogiannopoulos - 3.6.3-2

- Backported regression fixes from 3.6.2

* Mon Jul 16 2018 Nikos Mavrogiannopoulos - 3.6.3-1

- Update to upstream 3.6.3 release

* Wed Jun 13 2018 Nikos Mavrogiannopoulos - 3.6.2-4

- Enable FIPS140-2 mode in Fedora

* Wed Jun 6 2018 Nikos Mavrogiannopoulos - 3.6.2-3

- Update to upstream 3.6.2 release

* Fri May 25 2018 David Abdurachmanov - 3.6.2-2

- Add missing BuildRequires: gnupg2 for gpgv2 in %prep

[ 1 ] Bug #1654929 - CVE-2018-16868 gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification

https://bugzilla.redhat.com/show_bug.cgi?id=1654929

su -c 'dnf upgrade --advisory FEDORA-2019-24dc022a51' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory denial of service fedora critical patch gnutls

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 28
Version: 3.6.5
Release: 1.fc28
URL: http://www.gnutls.org/
Summary: A TLS protocol implementation

Topics%20covered

Topics Covered

security advisory denial of service fedora critical patch gnutls

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here