Ops One AG

You can subscribe via email or RSS

Wednesday 31st October 2018

Managed Server Version 5: libgnutls-openssl update, scheduled 4 months ago

A set of vulnerabilities was discovered in GnuTLS which allowed attackers to do plain text recovery on TLS connections with certain cipher types. (CVE-2018-10844, CVE-2018-10845, CVE-2018-10846)

see also: https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html

libgnutls was updated to the following patch versions:

  • libgnutls-deb0-28/oldstable 3.3.30-0+deb8u1 amd64 [upgradable from: 3.3.8-6+deb8u7]
  • libgnutls-openssl27/oldstable 3.3.30-0+deb8u1 amd64 [upgradable from: 3.3.8-6+deb8u7]