gnutls-3.7.6-18.el9

エラータID: AXSA:2023-5214:01

Release date: 
Wednesday, March 8, 2023 - 05:42
Subject: 
gnutls-3.7.6-18.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: timing side-channel in the TLS RSA key exchange code (CVE-2023-0361)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* CCM tag length should be limited to known values
* In FIPS mode, gnutls should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator
* dracut-cmdline[554]: Error in GnuTLS initialization: Error while performing self checks i FIPS mode

CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

Solution: 

Update packages.

CVEs: 
CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Additional Info: 

N/A

Download: 

SRPMS
  1. gnutls-3.7.6-18.el9.src.rpm
    MD5: 358194bc41a120b4ceb27400f19013ab
    SHA-256: 5f69368f11d2e3ac0345e7a89dd3c0f57bddaedc243561f4dca4ea9a11d54d23
    Size: 8.10 MB

Asianux Server 9 for x86_64
  1. gnutls-3.7.6-18.el9.i686.rpm
    MD5: 86fe0eeb54ab455637825d4ccfd462da
    SHA-256: 008246effb80e778093408c6d24d1d152afe603ad792244da15e7abc0492a0a9
    Size: 1.03 MB
  2. gnutls-3.7.6-18.el9.x86_64.rpm
    MD5: a4fa019b84ac23e6bc1f008f03d54c9f
    SHA-256: b6bb0fa3d893f5204a0e71d88ebd320a88e9192678a151270fa5300415d748bd
    Size: 1.05 MB
  3. gnutls-c++-3.7.6-18.el9.i686.rpm
    MD5: 87f7d87a57650412a45d83f95c15d885
    SHA-256: 3c23cdd73edee9b6486acd3877c9c2fac0da76c541b332f8d3ebe42a14537fe0
    Size: 34.45 kB
  4. gnutls-c++-3.7.6-18.el9.x86_64.rpm
    MD5: 05351c2dcb33af9bbdce149ff5c645bf
    SHA-256: 89e032923389448c44094c743ce3c75f815bba552c1fa04f9b6a59f8e3b4d83f
    Size: 33.43 kB
  5. gnutls-dane-3.7.6-18.el9.i686.rpm
    MD5: 595b29bfc19549a301078d85eee8a52c
    SHA-256: ebd1321d299862d0c64c40dcd9592442835a011a8684ab15d73dbcbf896bdd91
    Size: 23.21 kB
  6. gnutls-dane-3.7.6-18.el9.x86_64.rpm
    MD5: 42c9761cefad9037e4e95a757fa0b654
    SHA-256: f1cb6c31233c724fab725abeb5272a64c94aa7ae912bf4473c9ce6577b31a619
    Size: 22.97 kB
  7. gnutls-devel-3.7.6-18.el9.i686.rpm
    MD5: 73013077dd96e239bf7febd4511c0f93
    SHA-256: 4e7703ef80f2d7b1e7e457f2a54cc9c1fbdbe5395f56841dbe5168a050476c48
    Size: 2.18 MB
  8. gnutls-devel-3.7.6-18.el9.x86_64.rpm
    MD5: 71b946ff4143d3e99c0c0e5fd6c70902
    SHA-256: 77e3015476fcc4b382e081b0d18ff424bc4c02b914c7cccac16be43130427572
    Size: 2.18 MB
  9. gnutls-utils-3.7.6-18.el9.x86_64.rpm
    MD5: 796f5568b6a6b2d536c50f88fe29f9e3
    SHA-256: dd12d2350be98b8dfc421f5f3fc48dd8c3acc6d5227ae1aa30e91a8f8f411ae0
    Size: 265.37 kB