gnutls: Fixed potential information leak in DTLS implementation
This update of GnuTLS fixes a vulnerability in the DTLS
implementation which could allow remote attackers to
recover partial plaintext via a timing side-channel attack.
(CVE-2012-0390).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5827
Fixed bugs
bnc#739898
VUL-1: CVE-2012-0390: GnuTLS DTLS plaintext recovery attack
CVE#CVE-2012-0390
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext vi
