GnuTLS Vulnerability Plugged in All Supported Ubuntu OSes

On February 27, Canonical published in a security notice details about a GnuTLS vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, and Ubuntu 8.04 LTS operating systems.

According to Canonical, GnuTLS could be made to expose sensitive information over the network.

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

The security flaws can be fixed if you upgrade your system(s) to the latest libgnutls package, specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart will not be necessary to implement the changes.