Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 0 articles for you...
100
security advisorymoderatedenial of serviceSUSE: 2024:1271-1 moderate: gnutls denial of service vulnerability
* bsc#1221242 * bsc#1221746 * bsc#1221747 Cross-References: . # Security update for gnutls Announcement ID: SUSE-SU-2024:1271-1 Rating: moderate References: * bsc#1221242 * bsc#1221746 * bsc#1221747 Cross-References: * CVE-2024-28834 * CVE-2024-28835 CVSS scores: * CVE-2024-28834 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-28835 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for gnutls fixes the following issues: * CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746) * CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747) Other fixes: \- jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtreads as there is also a pre-intitization done in the main thread (bsc#1221242) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2024-1271=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-1271=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-1271=1 * SUSELinux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-1271=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-1271=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1271=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-1271=1 ## Package List: * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * gnutls-3.7.3-150400.4.44.1 * libgnutls30-hmac-3.7.3-150400.4.44.1 * libgnutls30-debuginfo-3.7.3-150400.4.44.1 * gnutls-debugsource-3.7.3-150400.4.44.1 * libgnutls30-3.7.3-150400.4.44.1 * gnutls-debuginfo-3.7.3-150400.4.44.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gnutls-3.7.3-150400.4.44.1 * libgnutls30-hmac-3.7.3-150400.4.44.1 * libgnutlsxx28-3.7.3-150400.4.44.1 * gnutls-guile-3.7.3-150400.4.44.1 * libgnutls-devel-3.7.3-150400.4.44.1 * libgnutls30-debuginfo-3.7.3-150400.4.44.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.44.1 * gnutls-guile-debuginfo-3.7.3-150400.4.44.1 * libgnutlsxx-devel-3.7.3-150400.4.44.1 * gnutls-debugsource-3.7.3-150400.4.44.1 * libgnutls30-3.7.3-150400.4.44.1 * gnutls-debuginfo-3.7.3-150400.4.44.1 * openSUSE Leap 15.5 (x86_64) * libgnutls30-32bit-3.7.3-150400.4.44.1 * libgnutls-devel-32bit-3.7.3-150400.4.44.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.44.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.44.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * gnutls-3.7.3-150400.4.44.1 * libgnutls30-hmac-3.7.3-150400.4.44.1 * libgnutls30-debuginfo-3.7.3-150400.4.44.1 * gnutls-debugsource-3.7.3-150400.4.44.1 * libgnutls30-3.7.3-150400.4.44.1 * gnutls-debuginfo-3.7.3-150400.4.44.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * gnutls-3.7.3-150400.4.44.1 * libgnutls30-hmac-3.7.3-150400.4.44.1 * libgnutls30-debuginfo-3.7.3-150400.4.44.1 *gnutls-debugsource-3.7.3-150400.4.44.1 * libgnutls30-3.7.3-150400.4.44.1 * gnutls-debuginfo-3.7.3-150400.4.44.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * gnutls-3.7.3-150400.4.44.1 * libgnutls30-hmac-3.7.3-150400.4.44.1 * libgnutls30-debuginfo-3.7.3-150400.4.44.1 * gnutls-debugsource-3.7.3-150400.4.44.1 * libgnutls30-3.7.3-150400.4.44.1 * gnutls-debuginfo-3.7.3-150400.4.44.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gnutls-3.7.3-150400.4.44.1 * libgnutls30-hmac-3.7.3-150400.4.44.1 * libgnutlsxx28-3.7.3-150400.4.44.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.44.1 * libgnutls-devel-3.7.3-150400.4.44.1 * libgnutls30-debuginfo-3.7.3-150400.4.44.1 * libgnutlsxx-devel-3.7.3-150400.4.44.1 * gnutls-debugsource-3.7.3-150400.4.44.1 * libgnutls30-3.7.3-150400.4.44.1 * gnutls-debuginfo-3.7.3-150400.4.44.1 * Basesystem Module 15-SP5 (x86_64) * libgnutls30-32bit-3.7.3-150400.4.44.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.44.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.44.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gnutls-3.7.3-150400.4.44.1 * libgnutls30-hmac-3.7.3-150400.4.44.1 * libgnutlsxx28-3.7.3-150400.4.44.1 * gnutls-guile-3.7.3-150400.4.44.1 * libgnutls-devel-3.7.3-150400.4.44.1 * libgnutls30-debuginfo-3.7.3-150400.4.44.1 * libgnutlsxx28-debuginfo-3.7.3-150400.4.44.1 * gnutls-guile-debuginfo-3.7.3-150400.4.44.1 * libgnutlsxx-devel-3.7.3-150400.4.44.1 * gnutls-debugsource-3.7.3-150400.4.44.1 * libgnutls30-3.7.3-150400.4.44.1 * gnutls-debuginfo-3.7.3-150400.4.44.1 * openSUSE Leap 15.4 (x86_64) * libgnutls30-32bit-3.7.3-150400.4.44.1 * libgnutls-devel-32bit-3.7.3-150400.4.44.1 * libgnutls30-32bit-debuginfo-3.7.3-150400.4.44.1 * libgnutls30-hmac-32bit-3.7.3-150400.4.44.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgnutls-devel-64bit-3.7.3-150400.4.44.1 *libgnutls30-64bit-debuginfo-3.7.3-150400.4.44.1 * libgnutls30-64bit-3.7.3-150400.4.44.1 * libgnutls30-hmac-64bit-3.7.3-150400.4.44.1 ## References: * https://www.suse.com/security/cve/CVE-2024-28834.html * https://www.suse.com/security/cve/CVE-2024-28835.html * https://bugzilla.suse.com/show_bug.cgi?id=1221242 * https://bugzilla.suse.com/show_bug.cgi?id=1221746 * https://bugzilla.suse.com/show_bug.cgi?id=1221747 . GnuTLS vulnerability patches released for various SUSE platforms targeting critical risks and essential mitigations.. gnutls update,SUSE security,openSUSE advisory,security updates SUSE. . LinuxSecurity.com Team
Apr 12, 2024
SuSE
217
security advisorysecurity patchmoderate issueOracle Linux 9 ELSA-2023-1141 Moderate: gnutls Security Fix Details
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-1141 https://linux.oracle.com/errata/ELSA-2023-1141.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: gnutls-3.7.6-18.el9_1.i686.rpm gnutls-3.7.6-18.el9_1.x86_64.rpm gnutls-c++-3.7.6-18.el9_1.i686.rpm gnutls-c++-3.7.6-18.el9_1.x86_64.rpm gnutls-dane-3.7.6-18.el9_1.i686.rpm gnutls-dane-3.7.6-18.el9_1.x86_64.rpm gnutls-devel-3.7.6-18.el9_1.i686.rpm gnutls-devel-3.7.6-18.el9_1.x86_64.rpm gnutls-utils-3.7.6-18.el9_1.x86_64.rpm aarch64: gnutls-3.7.6-18.el9_1.aarch64.rpm gnutls-c++-3.7.6-18.el9_1.aarch64.rpm gnutls-dane-3.7.6-18.el9_1.aarch64.rpm gnutls-devel-3.7.6-18.el9_1.aarch64.rpm gnutls-utils-3.7.6-18.el9_1.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates//gnutls-3.7.6-18.el9_1.src.rpm Related CVEs: CVE-2023-0361 Description of changes: [3.7.6-18] - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version (#2168610) [3.7.6-17] - Fix timing side-channel in TLS RSA key exchange (#2162600) [3.7.6-16] - fips: extend PCT to DH key generation (#2168610) [3.7.6-14] - fips: remove library path checking from FIPS integrity check (#2149638) - fips: rename hmac file to its previous name (#2149640) [3.7.6-13] - cipher: add restriction on CCM tag length under FIPS mode (#2144535) - nettle: mark non-compliant RSA-PSS salt length to be not-approved (#2144537) _______________________________________________ El-errata mailing list
Mar 10, 2023
Oracle
217
security advisorysecurity issuesoftware updateOracle Linux 8 ELSA-2022-7105 Moderate: GnuTLS Fix for Security Issues
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-7105 https://linux.oracle.com/errata/ELSA-2022-7105.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: gnutls-3.6.16-5.el8_6.i686.rpm gnutls-3.6.16-5.el8_6.x86_64.rpm gnutls-c++-3.6.16-5.el8_6.i686.rpm gnutls-c++-3.6.16-5.el8_6.x86_64.rpm gnutls-dane-3.6.16-5.el8_6.i686.rpm gnutls-dane-3.6.16-5.el8_6.x86_64.rpm gnutls-devel-3.6.16-5.el8_6.i686.rpm gnutls-devel-3.6.16-5.el8_6.x86_64.rpm gnutls-utils-3.6.16-5.el8_6.x86_64.rpm aarch64: gnutls-3.6.16-5.el8_6.aarch64.rpm gnutls-c++-3.6.16-5.el8_6.aarch64.rpm gnutls-dane-3.6.16-5.el8_6.aarch64.rpm gnutls-devel-3.6.16-5.el8_6.aarch64.rpm gnutls-utils-3.6.16-5.el8_6.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates/gnutls-3.6.16-5.el8_6.src.rpm Related CVEs: CVE-2022-2509 Description of changes: [3.6.16-5] - Fix double-free in gnutls_pkcs7_verify (#2109787) _______________________________________________ El-errata mailing list
Oct 26, 2022
•Important
Oracle
217
security advisoryupdate instructionssecurity issuesOracle Linux 9 ELSA-2022-6854 Moderate: Gnutls And Nettle Update
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-6854 https://linux.oracle.com/errata/ELSA-2022-6854.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: gnutls-3.7.6-12.el9_0.i686.rpm gnutls-3.7.6-12.el9_0.x86_64.rpm gnutls-c++-3.7.6-12.el9_0.i686.rpm gnutls-c++-3.7.6-12.el9_0.x86_64.rpm gnutls-dane-3.7.6-12.el9_0.i686.rpm gnutls-dane-3.7.6-12.el9_0.x86_64.rpm gnutls-devel-3.7.6-12.el9_0.i686.rpm gnutls-devel-3.7.6-12.el9_0.x86_64.rpm gnutls-utils-3.7.6-12.el9_0.x86_64.rpm nettle-3.8-3.el9_0.i686.rpm nettle-3.8-3.el9_0.x86_64.rpm nettle-devel-3.8-3.el9_0.i686.rpm nettle-devel-3.8-3.el9_0.x86_64.rpm aarch64: gnutls-3.7.6-12.el9_0.aarch64.rpm gnutls-c++-3.7.6-12.el9_0.aarch64.rpm gnutls-dane-3.7.6-12.el9_0.aarch64.rpm gnutls-devel-3.7.6-12.el9_0.aarch64.rpm gnutls-utils-3.7.6-12.el9_0.aarch64.rpm nettle-3.8-3.el9_0.aarch64.rpm nettle-devel-3.8-3.el9_0.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates/gnutls-3.7.6-12.el9_0.src.rpm https://oss.oracle.com:443/ol9/SRPMS-updates/nettle-3.8-3.el9_0.src.rpm Related CVEs: CVE-2022-2509 Description of changes: gnutls [3.7.6-12] - fips: mark PBKDF2 with short key and output sizes non-approved - fips: only mark HMAC as approved in PBKDF2 - fips: mark gnutls_key_generate with short key sizes non-approved - fips: fix checking on hash algorithm used in ECDSA - fips: preserve operation context around FIPS selftests API [3.7.6-11] - Supply --with{,out}-{zlib,brotli,zstd} explicitly [3.7.6-10] - Revert nettle version pinning as it doesn't work well in side-tag [3.7.6-9] - Pin nettle version in Requires when compiled with FIPS [3.7.6-8] - Bundle GMP to privatize memory functions - Disable certificate compression support by default [3.7.6-7] - Update gnutls-3.7.6-cpuid-fixes.patch [3.7.6-6] - Mark RSA SigVer operation approved for known modulus sizes (#2119770) - accelerated: clear AVX bits if itcannot be queried through XSAVE [3.7.6-5] - Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115314) - sysrng: reseed source DRBG for prediction resistance [3.7.6-4] - Make gnutls-cli work with KTLS for testing - Fix double-free in gnutls_pkcs7_verify (#2109789) [3.7.6-3] - Limit input size for AES-GCM according to SP800-38D (#2108635) - Do not treat GPG verification errors as fatal - Remove gnutls-3.7.6-libgnutlsxx-const.patch [3.7.6-2] - Allow enabling KTLS with config file (#2108532) [3.7.6-1] - Update to gnutls 3.7.6 (#2102591) [3.7.3-10] - Use only the first component of VERSION from /etc/os-release (#2076626) - Don't run power-on self-tests on DSA (#2076627) nettle [3.8-3] - Rebuild in new side-tag [3.8-2] - Bundle GMP to privatize memory functions - Zeroize stack allocated intermediate data [3.8-1] - Update to nettle 3.8 (#2100350) _______________________________________________ El-errata mailing list
Oct 11, 2022
Oracle
89
security advisorysecurity issueFedoraFedora 36: gnutls Denial of Service Vulnerability - Moderate Risk Alert
Rebase gnutls to version 3.7.7 notes=Security fix for CVE-2022-2509. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-0156c442d0 2022-07-31 01:30:22.784996 --------------------------------------------------------------------------------Name : gnutls Product : Fedora 36 Version : 3.7.7 Release : 1.fc36 URL : http://www.gnutls.org/ Summary : A TLS protocol implementation Description : GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. --------------------------------------------------------------------------------Update Information: Rebase gnutls to version 3.7.7 notes=Security fix for CVE-2022-2509 --------------------------------------------------------------------------------ChangeLog: * Fri Jul 29 2022 Zoltan Fridrich 3.7.7-1 - [packit] 3.7.7 upstream release --------------------------------------------------------------------------------References: [ 1 ] Bug #2108977 - CVE-2022-2509 gnutls: Double free during gnutls_pkcs7_verify. https://bugzilla.redhat.com/show_bug.cgi?id=2108977 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-0156c442d0' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announcemailing list --
Jul 30, 2022
•Important
Fedora
98
security advisoryRed Hatbug fixRed Hat: RHSA-2021:1234-01 Moderate: openssl Buffer Overflow
An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: gnutls security and bug fix update Advisory ID: RHSA-2020:5483-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5483 Issue date: 2020-12-15 CVE Names: CVE-2020-24659 ==================================================================== 1. Summary: An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * gnutls: Add self-tests for implemented KDF algorithms and CMAC (BZ#1903037) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1872021 - CVE-2020-24659 gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent 6. Package List: Red Hat Enterprise Linux AppStream (v.8): aarch64: gnutls-c++-3.6.14-7.el8_3.aarch64.rpm gnutls-c++-debuginfo-3.6.14-7.el8_3.aarch64.rpm gnutls-dane-3.6.14-7.el8_3.aarch64.rpm gnutls-dane-debuginfo-3.6.14-7.el8_3.aarch64.rpm gnutls-debuginfo-3.6.14-7.el8_3.aarch64.rpm gnutls-debugsource-3.6.14-7.el8_3.aarch64.rpm gnutls-devel-3.6.14-7.el8_3.aarch64.rpm gnutls-utils-3.6.14-7.el8_3.aarch64.rpm gnutls-utils-debuginfo-3.6.14-7.el8_3.aarch64.rpm ppc64le: gnutls-c++-3.6.14-7.el8_3.ppc64le.rpm gnutls-c++-debuginfo-3.6.14-7.el8_3.ppc64le.rpm gnutls-dane-3.6.14-7.el8_3.ppc64le.rpm gnutls-dane-debuginfo-3.6.14-7.el8_3.ppc64le.rpm gnutls-debuginfo-3.6.14-7.el8_3.ppc64le.rpm gnutls-debugsource-3.6.14-7.el8_3.ppc64le.rpm gnutls-devel-3.6.14-7.el8_3.ppc64le.rpm gnutls-utils-3.6.14-7.el8_3.ppc64le.rpm gnutls-utils-debuginfo-3.6.14-7.el8_3.ppc64le.rpm s390x: gnutls-c++-3.6.14-7.el8_3.s390x.rpm gnutls-c++-debuginfo-3.6.14-7.el8_3.s390x.rpm gnutls-dane-3.6.14-7.el8_3.s390x.rpm gnutls-dane-debuginfo-3.6.14-7.el8_3.s390x.rpm gnutls-debuginfo-3.6.14-7.el8_3.s390x.rpm gnutls-debugsource-3.6.14-7.el8_3.s390x.rpm gnutls-devel-3.6.14-7.el8_3.s390x.rpm gnutls-utils-3.6.14-7.el8_3.s390x.rpm gnutls-utils-debuginfo-3.6.14-7.el8_3.s390x.rpm x86_64: gnutls-c++-3.6.14-7.el8_3.i686.rpm gnutls-c++-3.6.14-7.el8_3.x86_64.rpm gnutls-c++-debuginfo-3.6.14-7.el8_3.i686.rpm gnutls-c++-debuginfo-3.6.14-7.el8_3.x86_64.rpm gnutls-dane-3.6.14-7.el8_3.i686.rpm gnutls-dane-3.6.14-7.el8_3.x86_64.rpm gnutls-dane-debuginfo-3.6.14-7.el8_3.i686.rpm gnutls-dane-debuginfo-3.6.14-7.el8_3.x86_64.rpm gnutls-debuginfo-3.6.14-7.el8_3.i686.rpm gnutls-debuginfo-3.6.14-7.el8_3.x86_64.rpm gnutls-debugsource-3.6.14-7.el8_3.i686.rpm gnutls-debugsource-3.6.14-7.el8_3.x86_64.rpm gnutls-devel-3.6.14-7.el8_3.i686.rpm gnutls-devel-3.6.14-7.el8_3.x86_64.rpm gnutls-utils-3.6.14-7.el8_3.x86_64.rpm gnutls-utils-debuginfo-3.6.14-7.el8_3.i686.rpm gnutls-utils-debuginfo-3.6.14-7.el8_3.x86_64.rpm Red Hat Enterprise Linux BaseOS (v.8): Source: gnutls-3.6.14-7.el8_3.src.rpm aarch64: gnutls-3.6.14-7.el8_3.aarch64.rpm gnutls-c++-debuginfo-3.6.14-7.el8_3.aarch64.rpm gnutls-dane-debuginfo-3.6.14-7.el8_3.aarch64.rpm gnutls-debuginfo-3.6.14-7.el8_3.aarch64.rpm gnutls-debugsource-3.6.14-7.el8_3.aarch64.rpm gnutls-utils-debuginfo-3.6.14-7.el8_3.aarch64.rpm ppc64le: gnutls-3.6.14-7.el8_3.ppc64le.rpm gnutls-c++-debuginfo-3.6.14-7.el8_3.ppc64le.rpm gnutls-dane-debuginfo-3.6.14-7.el8_3.ppc64le.rpm gnutls-debuginfo-3.6.14-7.el8_3.ppc64le.rpm gnutls-debugsource-3.6.14-7.el8_3.ppc64le.rpm gnutls-utils-debuginfo-3.6.14-7.el8_3.ppc64le.rpm s390x: gnutls-3.6.14-7.el8_3.s390x.rpm gnutls-c++-debuginfo-3.6.14-7.el8_3.s390x.rpm gnutls-dane-debuginfo-3.6.14-7.el8_3.s390x.rpm gnutls-debuginfo-3.6.14-7.el8_3.s390x.rpm gnutls-debugsource-3.6.14-7.el8_3.s390x.rpm gnutls-utils-debuginfo-3.6.14-7.el8_3.s390x.rpm x86_64: gnutls-3.6.14-7.el8_3.i686.rpm gnutls-3.6.14-7.el8_3.x86_64.rpm gnutls-c++-debuginfo-3.6.14-7.el8_3.i686.rpm gnutls-c++-debuginfo-3.6.14-7.el8_3.x86_64.rpm gnutls-dane-debuginfo-3.6.14-7.el8_3.i686.rpm gnutls-dane-debuginfo-3.6.14-7.el8_3.x86_64.rpm gnutls-debuginfo-3.6.14-7.el8_3.i686.rpm gnutls-debuginfo-3.6.14-7.el8_3.x86_64.rpm gnutls-debugsource-3.6.14-7.el8_3.i686.rpm gnutls-debugsource-3.6.14-7.el8_3.x86_64.rpm gnutls-utils-debuginfo-3.6.14-7.el8_3.i686.rpm gnutls-utils-debuginfo-3.6.14-7.el8_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX9joEdzjgjWX9erEAQijrhAAjaBcXAGO41WT70tSH9RVEI4jeGgpoFsZ enESofhH51emSEMNc7TpIEyrH2sLTJI03kjP41yDTuS86saHi6F6QRoh78TSQK5T 8Kv3ytR0l18mBL6Jpo8302w7CSmullPej1RpofGXQ0y7X109WfwWpm/2i7MytddQ kTnsMpQ+c/epyl/Hn3qGn9VzHaXzwjNVS72Yv1BRKkiAG4DkBQEW1cyPyRkFjCYS wSWByccuHOprFHnKWPUeplSzizQEQee81XKMwroVzpldAp66q3hPS5YVN48nn9j/ bV/XOf9Mg5kNGOhad3/cpSdn/e1a+FChLWCTsFYLIijJKI4K5/RwnDQn4z1TDBPA aMY+85w1d4w6xWD15ds9+n123sjWOAX7umKwMnEraHf28/rGMT5VEN9juEXhqzqj awrJotpk41iQeMnwV8PG83Xxbku5qHKJoow6mzc6Qp6qcVezMho2S3ezNpnJvGU7 K49ys/FM6BJDqNSXMJdM5oqFJi8lRs+Ee5LT+4I/P3kTdQP4lVNrlmuayrhRcOB6 3x2kT1TnI0FqQTDcOqoopyltsTB07vzdrMPorG/0br5KXsuWk0FnD4URdExIofLD 45XwlkwQziC2giOYhj6cgQnwuG5jBHVBvYahL6EoKvi/zpiZhbGTjN344DZqaaRL mF1eUdglHIA=PVHI -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 15, 2020
Red Hat
99
security advisorybuffer overflowmemory corruptionSlackware 14.2: SSA:2023-002-02 Severe: Libxml2 Buffer Overflow
New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] gnutls (SSA:2014-156-01) New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/gnutls-3.1.25-i486-1_slack14.1.txz: Upgraded. A security issue has been corrected in gnutls. This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client. This may allow a remote attacker to execute arbitrary code. Additional vulnerabilities in the embedded libtasn1 library have also been patched. Thanks to mancha for the backported patches. For more information, see: https://www.cve.org/CVERecord?id=CVE-2014-3465 https://www.cve.org/CVERecord?id=CVE-2014-3466 https://www.cve.org/CVERecord?id=CVE-2014-3467 https://www.cve.org/CVERecord?id=CVE-2014-3468 https://www.cve.org/CVERecord?id=CVE-2014-3469 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnutls-2.8.4-i486-4_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnutls-2.8.4-x86_64-4_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnutls-2.8.6-i486-4_slack13.1.txz Updated package for Slackware x86_6413.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnutls-2.8.6-x86_64-4_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnutls-2.10.5-i486-4_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnutls-2.10.5-x86_64-4_slack13.37.txz Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 13.0 package: 0acf23b4cdae1b1dee923b33e110c790 gnutls-2.8.4-i486-4_slack13.0.txz Slackware x86_64 13.0 package: c371d06f05c831f8fbb5b04d9d1d5464 gnutls-2.8.4-x86_64-4_slack13.0.txz Slackware 13.1 package: 328bd02609ac00a98e9d07592c4bae82 gnutls-2.8.6-i486-4_slack13.1.txz Slackware x86_64 13.1 package: 8a59e02464b6b414b56b5077dc1f38e1 gnutls-2.8.6-x86_64-4_slack13.1.txz Slackware 13.37 package: 8659a0ab255d28a6bc16c4e625c53690 gnutls-2.10.5-i486-4_slack13.37.txz Slackware x86_64 13.37 package: 8617b26c38e4501311021a00e4999cb7 gnutls-2.10.5-x86_64-4_slack13.37.txz Slackware 14.0 package: 2d8b9a95c97aad5cc84a7b92ccb281c8 gnutls-3.0.32-i486-1_slack14.0.txz Slackware x86_64 14.0 package: ad2d0fca978564aa199588a468bfe160 gnutls-3.0.32-x86_64-1_slack14.0.txz Slackware 14.1 package: abd6c425bc3a12cfad1bce8a586bdc4c gnutls-3.1.25-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 4c28e2ab32e385f9569a4aab54c91db8 gnutls-3.1.25-x86_64-1_slack14.1.txz Slackware -current package: dfc1769af2693d3fa04206afd1993cdb n/gnutls-3.2.15-i486-1.txz Slackware x86_64 -current package: 0639e73bef1015eff97c50b95eac84cc n/gnutls-3.2.15-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg gnutls-3.1.25-i486-1_slack14.1.txz +-----+ . OpenSSL libraries revisedfor Debian to resolve buffer overflow and unauthorized access vulnerabilities. Urgent maintenance required.. Gnutls Update, Slackware Security, Package Upgrade. . Severity: Critical. LinuxSecurity.com Team
Jun 06, 2014
•Critical
Slackware
98
security advisoryRed Hat Enterprise LinuximportantRed Hat: 2014:0288-01 Critical: GnuTLS Certificate Verification Flaw
Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.3, 5.6 and 6.2 Long Life, and Red Hat Enterprise Linux 5.9, 6.3 and 6.4 Extended Update Support. [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: gnutls security update Advisory ID: RHSA-2014:0288-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:0288.html Issue date: 2014-03-12 CVE Names: CVE-2014-0092 ==================================================================== 1. Summary: Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.3, 5.6 and 6.2 Long Life, and Red Hat Enterprise Linux 5.9, 6.3 and 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (v. 4 ELS) - i386, ia64, x86_64 Red Hat Enterprise Linux AUS (v. 6.2 server) - x86_64 Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux ES (v. 4 ELS) - i386, x86_64 Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux LL (v. 5.6 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64,s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64 3. Description: The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092) This issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team. Users of GnuTLS are advised to upgrade to these updated packages, which correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1069865 - CVE-2014-0092 gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2) 6. Package List: Red Hat Enterprise Linux AS (v. 4ELS): Source: gnutls-1.0.20-5.el4.src.rpm i386: gnutls-1.0.20-5.el4.i386.rpm gnutls-debuginfo-1.0.20-5.el4.i386.rpm gnutls-devel-1.0.20-5.el4.i386.rpm ia64: gnutls-1.0.20-5.el4.i386.rpm gnutls-1.0.20-5.el4.ia64.rpm gnutls-debuginfo-1.0.20-5.el4.i386.rpm gnutls-debuginfo-1.0.20-5.el4.ia64.rpm gnutls-devel-1.0.20-5.el4.ia64.rpm x86_64: gnutls-1.0.20-5.el4.i386.rpm gnutls-1.0.20-5.el4.x86_64.rpm gnutls-debuginfo-1.0.20-5.el4.i386.rpm gnutls-debuginfo-1.0.20-5.el4.x86_64.rpm gnutls-devel-1.0.20-5.el4.x86_64.rpm Red Hat Enterprise Linux ES (v. 4 ELS): Source: gnutls-1.0.20-5.el4.src.rpm i386: gnutls-1.0.20-5.el4.i386.rpm gnutls-debuginfo-1.0.20-5.el4.i386.rpm gnutls-devel-1.0.20-5.el4.i386.rpm x86_64: gnutls-1.0.20-5.el4.i386.rpm gnutls-1.0.20-5.el4.x86_64.rpm gnutls-debuginfo-1.0.20-5.el4.i386.rpm gnutls-debuginfo-1.0.20-5.el4.x86_64.rpm gnutls-devel-1.0.20-5.el4.x86_64.rpm Red Hat Enterprise Linux Long Life (v. 5.3 server): Source: gnutls-1.4.1-3.el5_3.6.src.rpm i386: gnutls-1.4.1-3.el5_3.6.i386.rpm gnutls-debuginfo-1.4.1-3.el5_3.6.i386.rpm gnutls-devel-1.4.1-3.el5_3.6.i386.rpm gnutls-utils-1.4.1-3.el5_3.6.i386.rpm ia64: gnutls-1.4.1-3.el5_3.6.i386.rpm gnutls-1.4.1-3.el5_3.6.ia64.rpm gnutls-debuginfo-1.4.1-3.el5_3.6.i386.rpm gnutls-debuginfo-1.4.1-3.el5_3.6.ia64.rpm gnutls-devel-1.4.1-3.el5_3.6.ia64.rpm gnutls-utils-1.4.1-3.el5_3.6.ia64.rpm x86_64: gnutls-1.4.1-3.el5_3.6.i386.rpm gnutls-1.4.1-3.el5_3.6.x86_64.rpm gnutls-debuginfo-1.4.1-3.el5_3.6.i386.rpm gnutls-debuginfo-1.4.1-3.el5_3.6.x86_64.rpm gnutls-devel-1.4.1-3.el5_3.6.i386.rpm gnutls-devel-1.4.1-3.el5_3.6.x86_64.rpm gnutls-utils-1.4.1-3.el5_3.6.x86_64.rpm Red Hat Enterprise Linux LL (v. 5.6server): Source: gnutls-1.4.1-7.el5_6.1.src.rpm i386: gnutls-1.4.1-7.el5_6.1.i386.rpm gnutls-debuginfo-1.4.1-7.el5_6.1.i386.rpm gnutls-devel-1.4.1-7.el5_6.1.i386.rpm gnutls-utils-1.4.1-7.el5_6.1.i386.rpm ia64: gnutls-1.4.1-7.el5_6.1.i386.rpm gnutls-1.4.1-7.el5_6.1.ia64.rpm gnutls-debuginfo-1.4.1-7.el5_6.1.i386.rpm gnutls-debuginfo-1.4.1-7.el5_6.1.ia64.rpm gnutls-devel-1.4.1-7.el5_6.1.ia64.rpm gnutls-utils-1.4.1-7.el5_6.1.ia64.rpm x86_64: gnutls-1.4.1-7.el5_6.1.i386.rpm gnutls-1.4.1-7.el5_6.1.x86_64.rpm gnutls-debuginfo-1.4.1-7.el5_6.1.i386.rpm gnutls-debuginfo-1.4.1-7.el5_6.1.x86_64.rpm gnutls-devel-1.4.1-7.el5_6.1.i386.rpm gnutls-devel-1.4.1-7.el5_6.1.x86_64.rpm gnutls-utils-1.4.1-7.el5_6.1.x86_64.rpm Red Hat Enterprise Linux EUS (v. 5.9 server): Source: gnutls-1.4.1-10.el5_9.3.src.rpm i386: gnutls-1.4.1-10.el5_9.3.i386.rpm gnutls-debuginfo-1.4.1-10.el5_9.3.i386.rpm gnutls-devel-1.4.1-10.el5_9.3.i386.rpm gnutls-utils-1.4.1-10.el5_9.3.i386.rpm ia64: gnutls-1.4.1-10.el5_9.3.i386.rpm gnutls-1.4.1-10.el5_9.3.ia64.rpm gnutls-debuginfo-1.4.1-10.el5_9.3.i386.rpm gnutls-debuginfo-1.4.1-10.el5_9.3.ia64.rpm gnutls-devel-1.4.1-10.el5_9.3.ia64.rpm gnutls-utils-1.4.1-10.el5_9.3.ia64.rpm ppc: gnutls-1.4.1-10.el5_9.3.ppc.rpm gnutls-1.4.1-10.el5_9.3.ppc64.rpm gnutls-debuginfo-1.4.1-10.el5_9.3.ppc.rpm gnutls-debuginfo-1.4.1-10.el5_9.3.ppc64.rpm gnutls-devel-1.4.1-10.el5_9.3.ppc.rpm gnutls-devel-1.4.1-10.el5_9.3.ppc64.rpm gnutls-utils-1.4.1-10.el5_9.3.ppc.rpm s390x: gnutls-1.4.1-10.el5_9.3.s390.rpm gnutls-1.4.1-10.el5_9.3.s390x.rpm gnutls-debuginfo-1.4.1-10.el5_9.3.s390.rpm gnutls-debuginfo-1.4.1-10.el5_9.3.s390x.rpm gnutls-devel-1.4.1-10.el5_9.3.s390.rpm gnutls-devel-1.4.1-10.el5_9.3.s390x.rpm gnutls-utils-1.4.1-10.el5_9.3.s390x.rpm x86_64: gnutls-1.4.1-10.el5_9.3.i386.rpm gnutls-1.4.1-10.el5_9.3.x86_64.rpm gnutls-debuginfo-1.4.1-10.el5_9.3.i386.rpm gnutls-debuginfo-1.4.1-10.el5_9.3.x86_64.rpm gnutls-devel-1.4.1-10.el5_9.3.i386.rpm gnutls-devel-1.4.1-10.el5_9.3.x86_64.rpm gnutls-utils-1.4.1-10.el5_9.3.x86_64.rpm RedHat Enterprise Linux Compute Node EUS (v. 6.3): Source: gnutls-2.8.5-7.el6_3.2.src.rpm x86_64: gnutls-2.8.5-7.el6_3.2.i686.rpm gnutls-2.8.5-7.el6_3.2.x86_64.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.i686.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.x86_64.rpm gnutls-utils-2.8.5-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux HPC Node EUS (v. 6.4): Source: gnutls-2.8.5-10.el6_4.3.src.rpm x86_64: gnutls-2.8.5-10.el6_4.3.i686.rpm gnutls-2.8.5-10.el6_4.3.x86_64.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.i686.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.x86_64.rpm gnutls-utils-2.8.5-10.el6_4.3.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3): Source: gnutls-2.8.5-7.el6_3.2.src.rpm x86_64: gnutls-debuginfo-2.8.5-7.el6_3.2.i686.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.x86_64.rpm gnutls-devel-2.8.5-7.el6_3.2.i686.rpm gnutls-devel-2.8.5-7.el6_3.2.x86_64.rpm gnutls-guile-2.8.5-7.el6_3.2.i686.rpm gnutls-guile-2.8.5-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4): Source: gnutls-2.8.5-10.el6_4.3.src.rpm x86_64: gnutls-debuginfo-2.8.5-10.el6_4.3.i686.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.x86_64.rpm gnutls-devel-2.8.5-10.el6_4.3.i686.rpm gnutls-devel-2.8.5-10.el6_4.3.x86_64.rpm gnutls-guile-2.8.5-10.el6_4.3.i686.rpm gnutls-guile-2.8.5-10.el6_4.3.x86_64.rpm Red Hat Enterprise Linux AUS (v. 6.2 server): Source: gnutls-2.8.5-4.el6_2.3.src.rpm x86_64: gnutls-2.8.5-4.el6_2.3.i686.rpm gnutls-2.8.5-4.el6_2.3.x86_64.rpm gnutls-debuginfo-2.8.5-4.el6_2.3.i686.rpm gnutls-debuginfo-2.8.5-4.el6_2.3.x86_64.rpm gnutls-devel-2.8.5-4.el6_2.3.i686.rpm gnutls-devel-2.8.5-4.el6_2.3.x86_64.rpm gnutls-utils-2.8.5-4.el6_2.3.x86_64.rpm Red Hat Enterprise Linux Server EUS (v.6.3): Source: gnutls-2.8.5-7.el6_3.2.src.rpm i386: gnutls-2.8.5-7.el6_3.2.i686.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.i686.rpm gnutls-devel-2.8.5-7.el6_3.2.i686.rpm gnutls-utils-2.8.5-7.el6_3.2.i686.rpm ppc64: gnutls-2.8.5-7.el6_3.2.ppc.rpm gnutls-2.8.5-7.el6_3.2.ppc64.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.ppc.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.ppc64.rpm gnutls-devel-2.8.5-7.el6_3.2.ppc.rpm gnutls-devel-2.8.5-7.el6_3.2.ppc64.rpm gnutls-utils-2.8.5-7.el6_3.2.ppc64.rpm s390x: gnutls-2.8.5-7.el6_3.2.s390.rpm gnutls-2.8.5-7.el6_3.2.s390x.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.s390.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.s390x.rpm gnutls-devel-2.8.5-7.el6_3.2.s390.rpm gnutls-devel-2.8.5-7.el6_3.2.s390x.rpm gnutls-utils-2.8.5-7.el6_3.2.s390x.rpm x86_64: gnutls-2.8.5-7.el6_3.2.i686.rpm gnutls-2.8.5-7.el6_3.2.x86_64.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.i686.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.x86_64.rpm gnutls-devel-2.8.5-7.el6_3.2.i686.rpm gnutls-devel-2.8.5-7.el6_3.2.x86_64.rpm gnutls-utils-2.8.5-7.el6_3.2.x86_64.rpm Red Hat Enterprise Linux Server EUS (v.6.4): Source: gnutls-2.8.5-10.el6_4.3.src.rpm i386: gnutls-2.8.5-10.el6_4.3.i686.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.i686.rpm gnutls-devel-2.8.5-10.el6_4.3.i686.rpm gnutls-utils-2.8.5-10.el6_4.3.i686.rpm ppc64: gnutls-2.8.5-10.el6_4.3.ppc.rpm gnutls-2.8.5-10.el6_4.3.ppc64.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.ppc.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.ppc64.rpm gnutls-devel-2.8.5-10.el6_4.3.ppc.rpm gnutls-devel-2.8.5-10.el6_4.3.ppc64.rpm gnutls-utils-2.8.5-10.el6_4.3.ppc64.rpm s390x: gnutls-2.8.5-10.el6_4.3.s390.rpm gnutls-2.8.5-10.el6_4.3.s390x.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.s390.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.s390x.rpm gnutls-devel-2.8.5-10.el6_4.3.s390.rpm gnutls-devel-2.8.5-10.el6_4.3.s390x.rpm gnutls-utils-2.8.5-10.el6_4.3.s390x.rpm x86_64: gnutls-2.8.5-10.el6_4.3.i686.rpm gnutls-2.8.5-10.el6_4.3.x86_64.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.i686.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.x86_64.rpm gnutls-devel-2.8.5-10.el6_4.3.i686.rpm gnutls-devel-2.8.5-10.el6_4.3.x86_64.rpm gnutls-utils-2.8.5-10.el6_4.3.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: gnutls-2.8.5-4.el6_2.3.src.rpm x86_64: gnutls-debuginfo-2.8.5-4.el6_2.3.i686.rpm gnutls-debuginfo-2.8.5-4.el6_2.3.x86_64.rpm gnutls-guile-2.8.5-4.el6_2.3.i686.rpm gnutls-guile-2.8.5-4.el6_2.3.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.3): Source: gnutls-2.8.5-7.el6_3.2.src.rpm i386: gnutls-debuginfo-2.8.5-7.el6_3.2.i686.rpm gnutls-guile-2.8.5-7.el6_3.2.i686.rpm ppc64: gnutls-debuginfo-2.8.5-7.el6_3.2.ppc.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.ppc64.rpm gnutls-guile-2.8.5-7.el6_3.2.ppc.rpm gnutls-guile-2.8.5-7.el6_3.2.ppc64.rpm s390x: gnutls-debuginfo-2.8.5-7.el6_3.2.s390.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.s390x.rpm gnutls-guile-2.8.5-7.el6_3.2.s390.rpm gnutls-guile-2.8.5-7.el6_3.2.s390x.rpm x86_64: gnutls-debuginfo-2.8.5-7.el6_3.2.i686.rpm gnutls-debuginfo-2.8.5-7.el6_3.2.x86_64.rpm gnutls-guile-2.8.5-7.el6_3.2.i686.rpm gnutls-guile-2.8.5-7.el6_3.2.x86_64.rpm Red Hat Enterprise LinuxServer Optional EUS (v. 6.4): Source: gnutls-2.8.5-10.el6_4.3.src.rpm i386: gnutls-debuginfo-2.8.5-10.el6_4.3.i686.rpm gnutls-guile-2.8.5-10.el6_4.3.i686.rpm ppc64: gnutls-debuginfo-2.8.5-10.el6_4.3.ppc.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.ppc64.rpm gnutls-guile-2.8.5-10.el6_4.3.ppc.rpm gnutls-guile-2.8.5-10.el6_4.3.ppc64.rpm s390x: gnutls-debuginfo-2.8.5-10.el6_4.3.s390.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.s390x.rpm gnutls-guile-2.8.5-10.el6_4.3.s390.rpm gnutls-guile-2.8.5-10.el6_4.3.s390x.rpm x86_64: gnutls-debuginfo-2.8.5-10.el6_4.3.i686.rpm gnutls-debuginfo-2.8.5-10.el6_4.3.x86_64.rpm gnutls-guile-2.8.5-10.el6_4.3.i686.rpm gnutls-guile-2.8.5-10.el6_4.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2014-0092 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. . Obtain the most recent GnuTLS security patch for Red Hat Enterprise Linux that resolves critical certificate validation vulnerabilities.. GnuTLS Update, Red Hat Security Advisory, Certificate Issue Fix. . Severity: Important. LinuxSecurity.com Team
Mar 12, 2014
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!