Scientific Linux Security Update : gnutls on SL5.x, SL6.x i386/x86_64
Medium Nessus Plugin ID 65019
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionIt was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-1619)
For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
SolutionUpdate the affected packages.