[Oraclevm-errata] OVMSA-2017-0054 Moderate: Oracle VM 3.3 gnutls security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Mar 29 13:05:58 PDT 2017

Oracle VM Security Advisory OVMSA-2017-0054

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- Upgraded to 2.12.23 to incorporate multiple TLS 1.2 fixes
   (#1326389, #1326073, #1323215, #1320982, #1328205, #1321112)
- Modified gnutls-serv to accept --sni-hostname (#1333521)
- Modified gnutls-serv to always reply with an alert message (#1327656)
- Removed support for DSA2 as it causes interoperability issues (#1321112)
- Allow sending and receiving certificates which were not in the
   signature algorithms extension (#1328205)
- Removed support for EXPORT ciphersuites (#1337460)
- Raised the minimum acceptable DH size to 1024 (#1335924)
- Restricted the number of alert that can be received during handshake 
- Added fixes for OpenPGP parsing issues (CVE-2017-5337, CVE-2017-5336, 
- The exposed (but internal) crypto back-end registration API is 
deprecated and no
   longer functional. The ABI is kept compatible (#1415682)

More information about the Oraclevm-errata mailing list