LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 06-19-2013, 02:39 AM   #1
mancha
Member
 
Registered: Aug 2012
Posts: 484

Rep: Reputation: Disabled
[Slackware security] GnuTLS multiple vulnerabilities + (un)lucky-13


Multiple security vulnerabilities exist in GnuTLS shipped in Slackware
12.0 through current (didn't check prior to 12.0):

Code:
Affected:        CVE ID:         Memo:
--------------   -------------   -------------
12.0 - current   CVE-2013-1619   fixed in 2.12.23 & 3.0.28 & 3.1.7
12.0 - 13.37     CVE-2012-1573   fixed in 2.12.18 & 3.0.17
12.0 - 13.37     CVE-2011-4128   fixed in 2.12.14 & 3.0.7
12.0 - 13.1      CVE-2009-3555   fixed in 2.10.x
12.0             CVE-2009-2730   fixed in 2.8.3
12.0             CVE-2009-1417   fixed in 2.6.6
Since no officially supported interfaces were modified or removed between
2.6.x, 2.8.x, 2.10.x, and 2.12.x, according to GnuTLS there should* be full
backwards compatibility (binary and source). GnuTLS 2.12.23 + upstream patch
for CVE-2013-2116
would address above issues for Slackware 12.0-13.37.

For Slackware 14.0 and current, either GnuTLS 3.0.30 or 3.1.12 (which is
advertised as binary/source compatible with 3.0.x) would address the
vulnerabilities.

--mancha

*Programs that use unofficial interfaces might require re-building.
 
Old 06-20-2013, 12:40 PM   #2
philanc
Member
 
Registered: Jan 2011
Posts: 306

Rep: Reputation: 270Reputation: 270Reputation: 270
Quote:
Originally Posted by mancha+ View Post
Multiple security vulnerabilities exist in GnuTLS shipped in Slackware
12.0 through current (didn't check prior to 12.0):
A big thank you to Mancha for this highlight.

I consider that Slackware is amazingly safe (in terms of security) given the small team size. This is due obviously to Pat's dedication and care, but also to this sort of contribution.

What a great community! So many serious users, and a very good S/N ratio! --except when it comes to systemd

Phil
 
  


Reply

Tags
security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Justice Guestbook 1.3 Multiple Vulnerabilities call_krushna Linux - Security 3 03-23-2013 02:56 AM
LXer: Hosting Multiple SSL Web Sites On One IP With Apache 2.2 & GnuTLS (Debian Lenny) LXer Syndicated Linux News 0 02-04-2011 01:40 PM
Security Advisories and the 64-bit Kernel vulnerabilities njb Slackware 1 11-17-2010 08:27 PM
Has Centos 4.3 Security Vulnerabilities? Seregwethrin Linux - Server 3 02-29-2008 09:48 AM
LXer: Top FOSS security vulnerabilities LXer Syndicated Linux News 0 12-13-2007 07:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration