Opened 6 years ago

Closed 6 years ago

#10951 closed enhancement (fixed)


Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: normal Milestone: 8.3
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version.

Change History (3)

comment:1 by Bruce Dubbs, 6 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 6 years ago

GnuTLS NEWS -- History of user-visible changes. -*- outline -*- Bug numbers referenced in this log correspond to bug numbers at our issue tracker, available at Copyright (C) 2000-2016 Free Software Foundation, Inc. Copyright (C) 2013-2017 Nikos Mavrogiannopoulos See the end for copying conditions.

  • Version 3.5.19 (released 2018-07-16)

libgnutls: Backported PKCS#11 module improvements in initialization

from master branch.

libgnutls: Corrected infinite loop when an incorrect PIN was provided

via pin-value or pin-source.

Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen

and Adi Shamir reported that the existing counter-measures had certain issues and were insufficient when the attacker has additional access to the CPU cache and performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium]

The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default

priority strings. They are not necessary for compatibility or other purpose and provide no advantage over their SHA1 counter-parts, as they all depend on the legacy TLS CBC block mode.

API and ABI modifications: No changes since last version.

comment:3 by Bruce Dubbs, 6 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 20260.

Note: See TracTickets for help on using tickets.