gnutls28 3.7.3-4ubuntu1.4 source package in Ubuntu

Changelog

gnutls28 (3.7.3-4ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: timing side-channel attack in the RSA-PSK key exchange
    - debian/patches/CVE-2024-0553.patch: minimize branching after
      decryption in lib/auth/rsa_psk.c.
    - CVE-2024-0553
  * SECURITY UPDATE: DoS via certificate chain with distributed trust
    - debian/patches/CVE-2024-0567.patch: detect loop in certificate chain
      in lib/x509/common.c, tests/test-chains.h.
    - CVE-2024-0567

 -- Marc Deslauriers <email address hidden>  Thu, 18 Jan 2024 12:22:01 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Jammy
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
gnutls28_3.7.3.orig.tar.xz 5.8 MiB fc59c43bc31ab20a6977ff083029277a31935b8355ce387b634fa433f8f6c49a
gnutls28_3.7.3.orig.tar.xz.asc 833 bytes a2f95ac5d7dd951bddef01ec9930616dd1a5226173b3dc7896b3bed411c91d9a
gnutls28_3.7.3-4ubuntu1.4.debian.tar.xz 79.1 KiB 06f3e49e9b898a3d720e144889c708159437777132e414d1a13cdd791bb1f949
gnutls28_3.7.3-4ubuntu1.4.dsc 3.5 KiB a9fa19d942487fc4e17c33b696d34dad8f842f654e4a0aacac686b000f3114c2

View changes file

Binary packages built by this source

gnutls-bin: GNU TLS library - commandline utilities

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains a commandline interface to the GNU TLS library, which
 can be used to set up secure connections from e.g. shell scripts, debugging
 connection issues or managing certificates.
 .
 Useful utilities include:
  - TLS termination: gnutls-cli, gnutls-serv
  - key and certificate management: certtool, ocsptool, p11tool
  - credential management: srptool, psktool

gnutls-bin-dbgsym: debug symbols for gnutls-bin
gnutls-doc: GNU TLS library - documentation and examples

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains all the GnuTLS documentation.

guile-gnutls: GNU TLS library - GNU Guile bindings

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the GNU Guile modules.

guile-gnutls-dbgsym: debug symbols for guile-gnutls
libgnutls-dane0: GNU TLS library - DANE security support

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the runtime library for DANE (DNS-based Authentication
 of Named Entities) support.

libgnutls-dane0-dbgsym: debug symbols for libgnutls-dane0
libgnutls-openssl27: GNU TLS library - OpenSSL wrapper

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the runtime library of the GnuTLS OpenSSL wrapper.

libgnutls-openssl27-dbgsym: debug symbols for libgnutls-openssl27
libgnutls28-dev: GNU TLS library - development files

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the GnuTLS development files.

libgnutls30: GNU TLS library - main runtime library

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the main runtime library.

libgnutls30-dbgsym: debug symbols for libgnutls30
libgnutlsxx28: GNU TLS library - C++ runtime library

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains the C++ runtime libraries.

libgnutlsxx28-dbgsym: debug symbols for libgnutlsxx28