LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   [Slackware security] GnuTLS multiple vulnerabilities + (un)lucky-13 (http://www.linuxquestions.org/questions/slackware-14/%5Bslackware-security%5D-gnutls-multiple-vulnerabilities-un-lucky-13-a-4175466576/)

mancha 06-19-2013 02:39 AM

[Slackware security] GnuTLS multiple vulnerabilities + (un)lucky-13
 
Multiple security vulnerabilities exist in GnuTLS shipped in Slackware
12.0 through current (didn't check prior to 12.0):

Code:

Affected:        CVE ID:        Memo:
--------------  -------------  -------------
12.0 - current  CVE-2013-1619  fixed in 2.12.23 & 3.0.28 & 3.1.7
12.0 - 13.37    CVE-2012-1573  fixed in 2.12.18 & 3.0.17
12.0 - 13.37    CVE-2011-4128  fixed in 2.12.14 & 3.0.7
12.0 - 13.1      CVE-2009-3555  fixed in 2.10.x
12.0            CVE-2009-2730  fixed in 2.8.3
12.0            CVE-2009-1417  fixed in 2.6.6

Since no officially supported interfaces were modified or removed between
2.6.x, 2.8.x, 2.10.x, and 2.12.x, according to GnuTLS there should* be full
backwards compatibility (binary and source). GnuTLS 2.12.23 + upstream patch
for CVE-2013-2116
would address above issues for Slackware 12.0-13.37.

For Slackware 14.0 and current, either GnuTLS 3.0.30 or 3.1.12 (which is
advertised as binary/source compatible with 3.0.x) would address the
vulnerabilities.

--mancha

*Programs that use unofficial interfaces might require re-building.

philanc 06-20-2013 12:40 PM

Quote:

Originally Posted by mancha+ (Post 4974617)
Multiple security vulnerabilities exist in GnuTLS shipped in Slackware
12.0 through current (didn't check prior to 12.0):

A big thank you to Mancha for this highlight.

I consider that Slackware is amazingly safe (in terms of security) given the small team size. This is due obviously to Pat's dedication and care, but also to this sort of contribution.

What a great community! So many serious users, and a very good S/N ratio! --except when it comes to systemd ;)

Phil


All times are GMT -5. The time now is 05:11 AM.