1.90.0

@cf-buildpacks-eng cf-buildpacks-eng released this 15 Apr 19:59
· 178 commits to main since this release

Notably, this release addresses:

USN-6733-1 GnuTLS vulnerabilities:

  • CVE-2024-28835:
    A flaw has been discovered in GnuTLS where an application crash can be
    induced when attempting to verify a specially crafted .pem bundle using the
    "certtool --verify-chain" command.
  • CVE-2024-28834:
    A flaw was found in GnuTLS. The Minerva attack is a cryptographic
    vulnerability that exploits deterministic behavior in systems like GnuTLS,
    leading to side-channel leaks. In specific scenarios, such as when using
    the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable
    step in nonce size from 513 to 512 bits, exposing a potential timing
    side-channel.
-ii  libgnutls-dane0:amd64     3.7.3-4ubuntu1.4 amd64 GNU TLS library - DANE security support
-ii  libgnutls-openssl27:amd64 3.7.3-4ubuntu1.4 amd64 GNU TLS library - OpenSSL wrapper
-ii  libgnutls28-dev:amd64     3.7.3-4ubuntu1.4 amd64 GNU TLS library - development files
-ii  libgnutls30:amd64         3.7.3-4ubuntu1.4 amd64 GNU TLS library - main runtime library
-ii  libgnutlsxx28:amd64       3.7.3-4ubuntu1.4 amd64 GNU TLS library - C++ runtime library
+ii  libgnutls-dane0:amd64     3.7.3-4ubuntu1.5 amd64 GNU TLS library - DANE security support
+ii  libgnutls-openssl27:amd64 3.7.3-4ubuntu1.5 amd64 GNU TLS library - OpenSSL wrapper
+ii  libgnutls28-dev:amd64     3.7.3-4ubuntu1.5 amd64 GNU TLS library - development files
+ii  libgnutls30:amd64         3.7.3-4ubuntu1.5 amd64 GNU TLS library - main runtime library
+ii  libgnutlsxx28:amd64       3.7.3-4ubuntu1.5 amd64 GNU TLS library - C++ runtime library```
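
Review bot: The package list has no entry for a package that ships certtool, the command the CVE-2024-28835 text above names as the trigger. Only the five libgnutls library packages move from 3.7.3-4ubuntu1.4 to 3.7.3-4ubuntu1.5. The notes should say whether certtool is present in this image at all, so readers can tell whether the described crash path is reachable through that command here or only through applications linking the library. The list also carries no header naming the manifest or the two releases being compared. A one-line label above it (previous release versus 1.90.0) would make the -/+ rows unambiguous.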