Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 06-19-2013, 02:39 AM   #1
Registered: Aug 2012
Posts: 484

Rep: Reputation: Disabled
[Slackware security] GnuTLS multiple vulnerabilities + (un)lucky-13

Multiple security vulnerabilities exist in GnuTLS shipped in Slackware
12.0 through current (didn't check prior to 12.0):

Affected:        CVE ID:         Memo:
--------------   -------------   -------------
12.0 - current   CVE-2013-1619   fixed in 2.12.23 & 3.0.28 & 3.1.7
12.0 - 13.37     CVE-2012-1573   fixed in 2.12.18 & 3.0.17
12.0 - 13.37     CVE-2011-4128   fixed in 2.12.14 & 3.0.7
12.0 - 13.1      CVE-2009-3555   fixed in 2.10.x
12.0             CVE-2009-2730   fixed in 2.8.3
12.0             CVE-2009-1417   fixed in 2.6.6
Since no officially supported interfaces were modified or removed between
2.6.x, 2.8.x, 2.10.x, and 2.12.x, according to GnuTLS there should* be full
backwards compatibility (binary and source). GnuTLS 2.12.23 + upstream patch
for CVE-2013-2116
would address above issues for Slackware 12.0-13.37.

For Slackware 14.0 and current, either GnuTLS 3.0.30 or 3.1.12 (which is
advertised as binary/source compatible with 3.0.x) would address the


*Programs that use unofficial interfaces might require re-building.
Old 06-20-2013, 12:40 PM   #2
Registered: Jan 2011
Posts: 168

Rep: Reputation: 125Reputation: 125
Originally Posted by mancha+ View Post
Multiple security vulnerabilities exist in GnuTLS shipped in Slackware
12.0 through current (didn't check prior to 12.0):
A big thank you to Mancha for this highlight.

I consider that Slackware is amazingly safe (in terms of security) given the small team size. This is due obviously to Pat's dedication and care, but also to this sort of contribution.

What a great community! So many serious users, and a very good S/N ratio! --except when it comes to systemd



security, slackware

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Justice Guestbook 1.3 Multiple Vulnerabilities call_krushna Linux - Security 3 03-23-2013 02:56 AM
LXer: Hosting Multiple SSL Web Sites On One IP With Apache 2.2 & GnuTLS (Debian Lenny) LXer Syndicated Linux News 0 02-04-2011 01:40 PM
Security Advisories and the 64-bit Kernel vulnerabilities njb Slackware 1 11-17-2010 08:27 PM
Has Centos 4.3 Security Vulnerabilities? Seregwethrin Linux - Server 3 02-29-2008 09:48 AM
LXer: Top FOSS security vulnerabilities LXer Syndicated Linux News 0 12-13-2007 07:41 PM > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 05:40 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration