Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for gnutls CESA-2013:0588 centos5

Information

Severity

Severity

Medium

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

4.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

9 years ago

Modified

Modified

3 years ago

Summary

The remote host is missing an update for the 'gnutls' package(s) announced via the referenced advisory.

Insight

Insight

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-1619) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.

Affected Software

Affected Software

gnutls on CentOS 5

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)