gnutls28 3.5.18-1ubuntu1.1 source package in Ubuntu

Changelog

gnutls28 (3.5.18-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Lucky-13 issues
    - debian/patches/CVE-2018-1084x-1.patch: correctly account the length
      field in SHA384 HMAC in lib/algorithms/mac.c, lib/cipher.c.
    - debian/patches/CVE-2018-1084x-2.patch: always hash the same amount of
      blocks that would have been on minimum pad in lib/cipher.c.
    - debian/patches/CVE-2018-1084x-3.patch: require minimum padding under
      SSL3.0 in lib/cipher.c.
    - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
      ciphersuites were removed from defaults in lib/priority.c,
      tests/dtls1-2-mtu-check.c, tests/priorities.c.
    - debian/patches/CVE-2018-1084x-5.patch: fix test for SHA512 in
      tests/pkcs12_encode.c.
    - CVE-2018-10844
    - CVE-2018-10845
    - CVE-2018-10846
  * SECURITY UPDATE: double free in cert verification API
    - debian/patches/CVE-2019-3829-1.patch: automatically NULLify after
      gnutls_free() in lib/includes/gnutls/gnutls.h.in.
    - debian/patches/CVE-2019-3829-2.patch: fix some casts in
      lib/extensions.c.
    - debian/patches/CVE-2019-3829-3.patch: fix dereference of NULL pointer
      in lib/x509/x509.c.
    - CVE-2019-3829

 -- Marc Deslauriers <email address hidden>  Tue, 28 May 2019 13:18:12 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2019-05-29
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates on 2019-05-30 main libs
Bionic security on 2019-05-30 main libs

Downloads

File Size SHA-256 Checksum
gnutls28_3.5.18.orig.tar.xz 6.9 MiB ae2248d9e78747cf9c469dde81ff8f90b56838b707a0637f3f7d4eee90e80234
gnutls28_3.5.18.orig.tar.xz.asc 534 bytes 50bb942469be0639bbab925de630fb921aa8cac5f40072cb1c2cf1fb7ae7977b
gnutls28_3.5.18-1ubuntu1.1.debian.tar.xz 70.1 KiB 75c26de0d6ff4db9853d495d5e04146891018631d65adfbdbe4ed1d9ce9a63ff
gnutls28_3.5.18-1ubuntu1.1.dsc 3.4 KiB 67a024bd669c6388d38f350a08179fc43eca7fcaeb2664bf546597244fcd09b3

View changes file

Binary packages built by this source

gnutls-bin: GNU TLS library - commandline utilities

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - TLS extensions: server name indication, max record size, opaque PRF
    input, etc.
  - authentication using the SRP protocol.
  - authentication using both X.509 certificates and OpenPGP keys.
  - TLS Pre-Shared-Keys (PSK) extension.
  - Inner Application (TLS/IA) extension.
  - X.509 and OpenPGP certificate handling.
  - X.509 Proxy Certificates (RFC 3820).
  - all the strong encryption algorithms (including SHA-256/384/512 and
    Camellia (RFC 4132)).
 .
 This package contains a commandline interface to the GNU TLS library, which
 can be used to set up secure connections from e.g. shell scripts, debugging
 connection issues or managing certificates.
 .
 Useful utilities include:
  - TLS termination: gnutls-cli, gnutls-serv
  - key and certificate management: certtool, ocsptool, p11tool
  - credential management: srptool, psktool

gnutls-bin-dbgsym: debug symbols for gnutls-bin
gnutls-doc: GNU TLS library - documentation and examples

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - TLS extensions: server name indication, max record size, opaque PRF
    input, etc.
  - authentication using the SRP protocol.
  - authentication using both X.509 certificates and OpenPGP keys.
  - TLS Pre-Shared-Keys (PSK) extension.
  - Inner Application (TLS/IA) extension.
  - X.509 and OpenPGP certificate handling.
  - X.509 Proxy Certificates (RFC 3820).
  - all the strong encryption algorithms (including SHA-256/384/512 and
    Camellia (RFC 4132)).
 .
 This package contains all the GnuTLS documentation.

libgnutls-dane0: GNU TLS library - DANE security support

 Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - TLS extensions: server name indication, max record size, opaque PRF
    input, etc.
  - authentication using the SRP protocol.
  - authentication using both X.509 certificates and OpenPGP keys.
  - TLS Pre-Shared-Keys (PSK) extension.
  - Inner Application (TLS/IA) extension.
  - X.509 and OpenPGP certificate handling.
  - X.509 Proxy Certificates (RFC 3820).
  - all the strong encryption algorithms (including SHA-256/384/512 and
    Camellia (RFC 4132)).
 .
 This package contains the runtime library for DANE (DNS-based Authentication
 of Named Entities) support.

libgnutls-dane0-dbgsym: debug symbols for libgnutls-dane0
libgnutls-openssl27: GNU TLS library - OpenSSL wrapper

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - TLS extensions: server name indication, max record size, opaque PRF
    input, etc.
  - authentication using the SRP protocol.
  - authentication using both X.509 certificates and OpenPGP keys.
  - TLS Pre-Shared-Keys (PSK) extension.
  - Inner Application (TLS/IA) extension.
  - X.509 and OpenPGP certificate handling.
  - X.509 Proxy Certificates (RFC 3820).
  - all the strong encryption algorithms (including SHA-256/384/512 and
    Camellia (RFC 4132)).
 .
 This package contains the runtime library of the GnuTLS OpenSSL wrapper.

libgnutls-openssl27-dbgsym: debug symbols for libgnutls-openssl27
libgnutls28-dev: GNU TLS library - development files

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - TLS extensions: server name indication, max record size, opaque PRF
    input, etc.
  - authentication using the SRP protocol.
  - authentication using both X.509 certificates and OpenPGP keys.
  - TLS Pre-Shared-Keys (PSK) extension.
  - Inner Application (TLS/IA) extension.
  - X.509 and OpenPGP certificate handling.
  - X.509 Proxy Certificates (RFC 3820).
  - all the strong encryption algorithms (including SHA-256/384/512 and
    Camellia (RFC 4132)).
 .
 This package contains the GnuTLS development files.

libgnutls30: GNU TLS library - main runtime library

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - TLS extensions: server name indication, max record size, opaque PRF
    input, etc.
  - authentication using the SRP protocol.
  - authentication using both X.509 certificates and OpenPGP keys.
  - TLS Pre-Shared-Keys (PSK) extension.
  - Inner Application (TLS/IA) extension.
  - X.509 and OpenPGP certificate handling.
  - X.509 Proxy Certificates (RFC 3820).
  - all the strong encryption algorithms (including SHA-256/384/512 and
    Camellia (RFC 4132)).
 .
 This package contains the main runtime library.

libgnutls30-dbgsym: debug symbols for libgnutls30
libgnutlsxx28: GNU TLS library - C++ runtime library

 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - TLS extensions: server name indication, max record size, opaque PRF
    input, etc.
  - authentication using the SRP protocol.
  - authentication using both X.509 certificates and OpenPGP keys.
  - TLS Pre-Shared-Keys (PSK) extension.
  - Inner Application (TLS/IA) extension.
  - X.509 and OpenPGP certificate handling.
  - X.509 Proxy Certificates (RFC 3820).
  - all the strong encryption algorithms (including SHA-256/384/512 and
    Camellia (RFC 4132)).
 .
 This package contains the C++ runtime libraries.

libgnutlsxx28-dbgsym: debug symbols for libgnutlsxx28