USN-1752-1: GnuTLS vulnerability

27 February 2013

GnuTLS could be made to expose sensitive information over the network.

Releases

Packages

Details

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used
in GnuTLS was vulnerable to a timing side-channel attack known as the
"Lucky Thirteen" issue. A remote attacker could use this issue to perform
plaintext-recovery attacks via analysis of timing data.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.

References