Synopsis: Moderate: gnutls security update Issue Date: 2013-03-04 CVE Numbers: CVE-2013-1619 -- It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-1619) For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted. -- SL5 x86_64 gnutls-1.4.1-10.el5_9.1.i386.rpm gnutls-1.4.1-10.el5_9.1.x86_64.rpm gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm gnutls-debuginfo-1.4.1-10.el5_9.1.x86_64.rpm gnutls-utils-1.4.1-10.el5_9.1.x86_64.rpm gnutls-devel-1.4.1-10.el5_9.1.i386.rpm gnutls-devel-1.4.1-10.el5_9.1.x86_64.rpm i386 gnutls-1.4.1-10.el5_9.1.i386.rpm gnutls-debuginfo-1.4.1-10.el5_9.1.i386.rpm gnutls-utils-1.4.1-10.el5_9.1.i386.rpm gnutls-devel-1.4.1-10.el5_9.1.i386.rpm SL6 x86_64 gnutls-2.8.5-10.el6_4.1.i686.rpm gnutls-2.8.5-10.el6_4.1.x86_64.rpm gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm gnutls-debuginfo-2.8.5-10.el6_4.1.x86_64.rpm gnutls-utils-2.8.5-10.el6_4.1.x86_64.rpm gnutls-devel-2.8.5-10.el6_4.1.i686.rpm gnutls-devel-2.8.5-10.el6_4.1.x86_64.rpm gnutls-guile-2.8.5-10.el6_4.1.i686.rpm gnutls-guile-2.8.5-10.el6_4.1.x86_64.rpm i386 gnutls-2.8.5-10.el6_4.1.i686.rpm gnutls-debuginfo-2.8.5-10.el6_4.1.i686.rpm gnutls-utils-2.8.5-10.el6_4.1.i686.rpm gnutls-devel-2.8.5-10.el6_4.1.i686.rpm gnutls-guile-2.8.5-10.el6_4.1.i686.rpm - Scientific Linux Development Team