gnutls28 3.8.1-4ubuntu1.3 source package in Ubuntu
Changelog
gnutls28 (3.8.1-4ubuntu1.3) mantic-security; urgency=medium
* SECURITY UPDATE: side-channel leak via Minerva attack
- debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in
deterministic ECDSA in lib/nettle/int/dsa-compute-k.c,
lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c,
lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c,
tests/sign-verify-deterministic.c.
- CVE-2024-28834
* SECURITY UPDATE: crash via specially-crafted cert bundle
- debian/patches/CVE-2024-28835.patch: remove length limit of input in
lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c,
tests/test-chains.h.
- CVE-2024-28835
-- Marc Deslauriers <email address hidden> Fri, 12 Apr 2024 09:12:36 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Mantic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Mantic | updates | main | libs | |
| Mantic | security | main | libs |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| gnutls28_3.8.1.orig.tar.xz | 6.1 MiB | ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c |
| gnutls28_3.8.1.orig.tar.xz.asc | 996 bytes | 3b6357c19431736099929e13ff8340e9ed4b36e4e22b34ae7b46e1f85a1d2884 |
| gnutls28_3.8.1-4ubuntu1.3.debian.tar.xz | 82.9 KiB | b77e447cc42b603c7be0ab5df9ff43fb36d0ea5dff0cba2c64a3fbdbe7229768 |
| gnutls28_3.8.1-4ubuntu1.3.dsc | 3.3 KiB | f81d14d301fee4bad15c4646c3a3864f7b7b3b53d6704b8529cac23d4bbaae51 |
Available diffs
Binary packages built by this source
- gnutls-bin: GNU TLS library - commandline utilities
GnuTLS is a portable library which implements the Transport Layer
Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
Transport Layer Security (DTLS 1.0, 1.2) protocols.
.
GnuTLS features support for:
- certificate path validation, as well as DANE and trust on first use.
- the Online Certificate Status Protocol (OCSP).
- public key methods, including RSA and Elliptic curves, as well as password
and key authentication methods such as SRP and PSK protocols.
- all the strong encryption algorithms, including AES and Camellia.
- CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
- HSMs and cryptographic tokens, via PKCS #11.
.
This package contains a commandline interface to the GNU TLS library, which
can be used to set up secure connections from e.g. shell scripts, debugging
connection issues or managing certificates.
.
Useful utilities include:
- TLS termination: gnutls-cli, gnutls-serv
- key and certificate management: certtool, ocsptool, p11tool
- credential management: srptool, psktool
- gnutls-bin-dbgsym: debug symbols for gnutls-bin
- gnutls-doc: GNU TLS library - documentation and examples
GnuTLS is a portable library which implements the Transport Layer
Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
Transport Layer Security (DTLS 1.0, 1.2) protocols.
.
GnuTLS features support for:
- certificate path validation, as well as DANE and trust on first use.
- the Online Certificate Status Protocol (OCSP).
- public key methods, including RSA and Elliptic curves, as well as password
and key authentication methods such as SRP and PSK protocols.
- all the strong encryption algorithms, including AES and Camellia.
- CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
- HSMs and cryptographic tokens, via PKCS #11.
.
This package contains all the GnuTLS documentation.
- libgnutls-dane0: GNU TLS library - DANE security support
GnuTLS is a portable library which implements the Transport Layer
Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
Transport Layer Security (DTLS 1.0, 1.2) protocols.
.
GnuTLS features support for:
- certificate path validation, as well as DANE and trust on first use.
- the Online Certificate Status Protocol (OCSP).
- public key methods, including RSA and Elliptic curves, as well as password
and key authentication methods such as SRP and PSK protocols.
- all the strong encryption algorithms, including AES and Camellia.
- CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
- HSMs and cryptographic tokens, via PKCS #11.
.
This package contains the runtime library for DANE (DNS-based Authentication
of Named Entities) support.
- libgnutls-dane0-dbgsym: debug symbols for libgnutls-dane0
- libgnutls-openssl27: GNU TLS library - OpenSSL wrapper
GnuTLS is a portable library which implements the Transport Layer
Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
Transport Layer Security (DTLS 1.0, 1.2) protocols.
.
GnuTLS features support for:
- certificate path validation, as well as DANE and trust on first use.
- the Online Certificate Status Protocol (OCSP).
- public key methods, including RSA and Elliptic curves, as well as password
and key authentication methods such as SRP and PSK protocols.
- all the strong encryption algorithms, including AES and Camellia.
- CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
- HSMs and cryptographic tokens, via PKCS #11.
.
This package contains the runtime library of the GnuTLS OpenSSL wrapper.
- libgnutls-openssl27-dbgsym: debug symbols for libgnutls-openssl27
- libgnutls28-dev: GNU TLS library - development files
GnuTLS is a portable library which implements the Transport Layer
Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
Transport Layer Security (DTLS 1.0, 1.2) protocols.
.
GnuTLS features support for:
- certificate path validation, as well as DANE and trust on first use.
- the Online Certificate Status Protocol (OCSP).
- public key methods, including RSA and Elliptic curves, as well as password
and key authentication methods such as SRP and PSK protocols.
- all the strong encryption algorithms, including AES and Camellia.
- CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
- HSMs and cryptographic tokens, via PKCS #11.
.
This package contains the GnuTLS development files.
- libgnutls30: GNU TLS library - main runtime library
GnuTLS is a portable library which implements the Transport Layer
Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
Transport Layer Security (DTLS 1.0, 1.2) protocols.
.
GnuTLS features support for:
- certificate path validation, as well as DANE and trust on first use.
- the Online Certificate Status Protocol (OCSP).
- public key methods, including RSA and Elliptic curves, as well as password
and key authentication methods such as SRP and PSK protocols.
- all the strong encryption algorithms, including AES and Camellia.
- CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
- HSMs and cryptographic tokens, via PKCS #11.
.
This package contains the main runtime library.
- libgnutls30-dbgsym: debug symbols for libgnutls30
