Bug 40411 - gnutls26: Multiple issues (4.0)
gnutls26: Multiple issues (4.0)
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-4-errata
Assigned To: Daniel Tröder
Philipp Hahn
Depends on: 40412
  Show dependency treegraph
Reported: 2016-01-11 14:17 CET by Arvid Requate
Modified: 2016-02-05 14:35 CET (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2016-01-11 14:17:04 CET
Upstream Debian package version 2.12.20-8+deb7u5 fixes the following issues:

* fail to check the first byte of the padding in CBC modes (CVE-2015-8313)

* SLOTH: Security Losses from Obsolete and Truncated Transcript Hashes (CVE-2015-7575)
Comment 1 Daniel Tröder univentionstaff 2016-01-28 09:57:46 CET
repo_admin.py --cherrypick --release 4.1-0-0 -s errata4.1-0 --releasedest 4.0-0-0 --dest errata4.0-4 -p gnutls26

Advisory (gnutls26.yaml): r67033
Comment 2 Philipp Hahn univentionstaff 2016-02-01 12:58:05 CET
OK: DEBIAN_FRONTEND=noninteractive aptitude -y install '?source-package(gnutls26)~i' #  2.12.20-8.29.201601280949
OK: UCS-4.0 < UCS-4.1
OK: apt-get install gnutls-bin
OK: apt-get install libgnutls26-dbg
OK: apt-get install gnutls26-doc
OK: apt-get install libgnutls-openssl27
OK: apt-get install libgnutlsxx27
OK: apt-get install guile-gnutls # unmaintained=yes
OK: apt-get install libgnutls-dev # unmaintained=yes

OK: amd64 i386

OK: elinks http://google.de/
OK: gnutls-cli mail.univention.de -p submission -s --insecure
OK: ldapsearch -H "ldap://$(ucr get ldap/master)" -b "$(ucr get ldap/base)" -D "$(ucr get ldap/hostdn)" -y /etc/machine.secret -ZZ -LLL uid=Administrator uid

OK: zless /usr/share/doc/libgnutls26/changelog.Debian.gz
OK: CVE-2015-8313
OK: CVE-2015-7575
FIXED: gnutls26.yaml r67096
OK: errata-announce -VVBB --only gnutls26.yaml
Comment 3 Janek Walkenhorst univentionstaff 2016-02-05 14:35:16 CET