Multiple security vulnerabilities exist in GnuTLS shipped in Slackware
12.0 through current (didn't check prior to 12.0):
Affected:         CVE ID:          Memo:
--------------    -------------    -------------
12.0 - current    CVE-2013-1619    fixed in 2.12.23 & 3.0.28 & 3.1.7
12.0 - 13.37      CVE-2012-1573    fixed in 2.12.18 & 3.0.17
12.0 - 13.37      CVE-2011-4128    fixed in 2.12.14 & 3.0.7
12.0 - 13.1       CVE-2009-3555    fixed in 2.10.x
12.0              CVE-2009-2730    fixed in 2.8.3
12.0              CVE-2009-1417    fixed in 2.6.6
Since no officially supported interfaces were modified or removed between
2.6.x, 2.8.x, 2.10.x, and 2.12.x, according to GnuTLS there should* be full
backwards compatibility (binary and source). GnuTLS 2.12.23 + upstream patch
for CVE-2013-2116 would address above issues for Slackware 12.0-13.37.
For Slackware 14.0 and current, either GnuTLS 3.0.30 or 3.1.12 (which is
advertised as binary/source compatible with 3.0.x) would address the
vulnerabilities.
--mancha
*Programs that use unofficial interfaces might require re-building.