-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:040 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : gnutls Date : April 5, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Nadhem Alfardan and Kenny Paterson devised an attack that recovers some bits of the plaintext of a GnuTLS session that utilizes that CBC ciphersuites, by using timing information (CVE-2013-1619). The gnutls package has been updated to latest 3.0.28 version to fix above problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0050 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 942151b0666c9b58dec41ac9e6b84bac mbs1/x86_64/gnutls-3.0.28-1.mbs1.x86_64.rpm a11ec1c9901d1e60525241e4fb7b3328 mbs1/x86_64/lib64gnutls28-3.0.28-1.mbs1.x86_64.rpm 5ab8a36480a1d286b51039e082cd6198 mbs1/x86_64/lib64gnutls-devel-3.0.28-1.mbs1.x86_64.rpm a269eabac3f59f8c97521a1a372f8ffb mbs1/x86_64/lib64gnutls-ssl27-3.0.28-1.mbs1.x86_64.rpm 06ddda051bcdd9787c1b55732994df95 mbs1/x86_64/lib64tasn1_3-2.14-1.mbs1.x86_64.rpm 4e4baa2bc639b93ad1d372af7ad8b8ec mbs1/x86_64/lib64tasn1-devel-2.14-1.mbs1.x86_64.rpm 9554ffa6981c65d56214ec731c27494e mbs1/x86_64/libtasn1-tools-2.14-1.mbs1.x86_64.rpm 4a46d2f718c65a76c55af4161e3d9d72 mbs1/SRPMS/gnutls-3.0.28-1.mbs1.src.rpm 03c3cec31c63d818223aa6ec87bfba73 mbs1/SRPMS/libtasn1-2.14-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRXqv1mqjQ0CJFipgRAs9sAKCh4WZULtBW4yVLfGZ0QN2TgWscRgCdHTX4 Zxgfgl9XjV6TRIYuNnrREp8= =Wocj -----END PGP SIGNATURE-----