CVE-2012-0390

Priority
Description
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain
error-handling code only if there is a specific relationship between a
padding length and the ciphertext size, which makes it easier for remote
attackers to recover partial plaintext via a timing side-channel attack, a
related issue to CVE-2011-4108.
Notes
tyhicksDTLS support was not implemented until gnutls-2.99.0
Package
Upstream:not-affected
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Upstream:not-affected
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (DTLS not implemented)
More Information

Updated: 2020-09-10 01:57:15 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)