Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Debian 10: 2020-2b8ec3895a Vital: OpenSSL Security Patch

fedora
Calendar Grey January 15, 2019
Dist Fedora Esm H88
Important security enhancement for Fedora 28 gnutls framework, focusing on improvements to protocols and essential dependencies for increased safety.
Added explicit Requires for nettle >= 3.4.1

Summary

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS

protocols and technologies around them. It provides a simple C language

application programming interface (API) to access the secure communications

protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and

other required structures.

Added explicit Requires for nettle >= 3.4.1

* Fri Jan 11 2019 Anderson Sasaki - 3.6.5-2

- Add explicit Requires for nettle >= 3.4.1

* Wed Jan 2 2019 Anderson Sasaki - 3.6.5-1

- Updated to upstream 3.6.5 release

- Fixed CVE-2018-16868 (#1659095)

* Tue Sep 25 2018 Nikos Mavrogiannopoulos - 3.6.4-1

- Updated to upstream 3.6.4 release

- Added support for the latest version of the TLS1.3 protocol

- The TLS1.3 protocol remains disabled by default

- Enabled SHA1 support as SHA1 deprecation is handled via the

fedora crypto policies.

* Thu Aug 16 2018 Nikos Mavrogiannopoulos - 3.6.3-4

- Fixed gnutls-cli input reading

- Ensure that we do not cause issues with version rollback detection

and TLS1.3.

* Tue Aug 7 2018 Nikos Mavrogiannopoulos - 3.6.3-3

- Fixed ECDSA public key import (#1612803)

* Thu Jul 26 2018 Nikos Mavrogiannopoulos - 3.6.3-2

- Backported regression fixes from 3.6.2

* Mon Jul 16 2018 Nikos Mavrogiannopoulos - 3.6.3-1

- Update to upstream 3.6.3 release

* Wed Jun 13 2018 Nikos Mavrogiannopoulos - 3.6.2-4

- Enable FIPS140-2 mode in Fedora

* Wed Jun 6 2018 Nikos Mavrogiannopoulos - 3.6.2-3

- Update to upstream 3.6.2 release

* Fri May 25 2018 David Abdurachmanov - 3.6.2-2

- Add missing BuildRequires: gnupg2 for gpgv2 in %prep

[ 1 ] Bug #1659095 - CVE-2018-16868 gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1659095

[ 2 ] Bug #1665484 - /usr/lib64/libgnutls.so: undefined reference to `nettle_rsa_sec_decrypt@HOGWEED_4' in gnutls 3.6.5-1.fc28

https://bugzilla.redhat.com/show_bug.cgi?id=1665484

su -c 'dnf upgrade --advisory FEDORA-2019-1a0d4443f8' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory security update fedora critical gnutls tls decryption

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 28
Version: 3.6.5
Release: 2.fc28
URL: http://www.gnutls.org/
Summary: A TLS protocol implementation

Topics%20covered

Topics Covered

security advisory security update fedora critical gnutls tls decryption

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here