Synopsis:          Moderate: gnutls security update
Issue Date:        2013-03-04
CVE Numbers:       CVE-2013-1619
--

It was discovered that GnuTLS leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-1619)

For the update to take effect, all applications linked to the GnuTLS
library must be restarted, or the system rebooted.
--

SL5
   x86_64
     gnutls-1.4.1-10.el5_9.1.i386.rpm
     gnutls-1.4.1-10.el5_9.1.x86_64.rpm
     gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm
     gnutls-debuginfo-1.4.1-10.el5_9.1.x86_64.rpm
     gnutls-utils-1.4.1-10.el5_9.1.x86_64.rpm
     gnutls-devel-1.4.1-10.el5_9.1.i386.rpm
     gnutls-devel-1.4.1-10.el5_9.1.x86_64.rpm
   i386
     gnutls-1.4.1-10.el5_9.1.i386.rpm
     gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm
     gnutls-utils-1.4.1-10.el5_9.1.i386.rpm
     gnutls-devel-1.4.1-10.el5_9.1.i386.rpm
SL6
   x86_64
     gnutls-2.8.5-10.el6_4.1.i686.rpm
     gnutls-2.8.5-10.el6_4.1.x86_64.rpm
     gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
     gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm
     gnutls-utils-2.8.5-10.el6_4.1.x86_64.rpm
     gnutls-devel-2.8.5-10.el6_4.1.i686.rpm
     gnutls-devel-2.8.5-10.el6_4.1.x86_64.rpm
     gnutls-guile-2.8.5-10.el6_4.1.i686.rpm
     gnutls-guile-2.8.5-10.el6_4.1.x86_64.rpm
   i386
     gnutls-2.8.5-10.el6_4.1.i686.rpm
     gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm
     gnutls-utils-2.8.5-10.el6_4.1.i686.rpm
     gnutls-devel-2.8.5-10.el6_4.1.i686.rpm
     gnutls-guile-2.8.5-10.el6_4.1.i686.rpm

- Scientific Linux Development Team