2

I am having a FreeBSD server and using pycurl as a library for doing the curl.

Since it has gnutls too which is prone to CVE-2018-16868(Bleichenbacher type side-channel based padding attack), I am searching for a fix that can help in avoiding this issue.

I have surfed the internet but didn't get any information regarding this issue from pycurl perspective.

Thanks.

Rob
  • 14,746
  • 28
  • 47
  • 65
Nikhil
  • 65
  • 1
  • 8
  • I'm voting to close this question as off-topic because questions about operating systems and their software should be asked on https://unix.stackexchange.com/ – Rob Dec 22 '18 at 13:28

1 Answers1

2

The FreeBSD port was updated to 3.6.5 on 19 Dec 2018 09:32:32

According to https://gitlab.com/gnutls/gnutls/blob/master/NEWS 3.6.5 implements the necessary patches against the attacks from that CVE.

See also https://gitlab.com/gnutls/gnutls/merge_requests/832 and https://gitlab.com/gnutls/gnutls/issues/630 for the patch and the bugticket.

So just updating your ports should fix the issue

arved
  • 4,401
  • 4
  • 30
  • 53