gnutls-3.6.16-8.el8_9.1.ML.1

エラータID: AXSA:2024-7497:03

Release date: 
Friday, February 2, 2024 - 16:23
Subject: 
gnutls-3.6.16-8.el8_9.1.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures.

Security Fix(es):

* gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Solution: 

Update packages.

CVEs: 
CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Additional Info: 

N/A

Download: 

SRPMS
  1. gnutls-3.6.16-8.el8_9.1.ML.1.src.rpm
    MD5: 6b386964fd34f5e08a67de399d9fca4f
    SHA-256: c4849541231663c6723a79f908740be94e39bbfb59d0b8553ff85467b8b5a6e3
    Size: 5.49 MB

Asianux Server 8 for x86_64
  1. gnutls-3.6.16-8.el8_9.1.ML.1.i686.rpm
    MD5: e018cc97be75626095694995cd8f754a
    SHA-256: c58762a046a1c73a27be503b2b3fda421454f3e6dcf9e4b9cfa61935dcf1ab07
    Size: 1.01 MB
  2. gnutls-3.6.16-8.el8_9.1.ML.1.x86_64.rpm
    MD5: a89f9b06ac402b4f4c05eec17d6f1cb7
    SHA-256: 328adec2ea200f9eb2a42187c3f139f0c289f4fcf62c83c70c49a1e139412bbf
    Size: 0.99 MB
  3. gnutls-c++-3.6.16-8.el8_9.1.ML.1.i686.rpm
    MD5: 155464dfeda6d7347ba1d1a2cd933710
    SHA-256: 1f38102a14eb114227fe1655a4dba7ef722fe237568295adf879fd510a9010b9
    Size: 49.51 kB
  4. gnutls-c++-3.6.16-8.el8_9.1.ML.1.x86_64.rpm
    MD5: 87f7abf2a32e8e94deb4a9395aa24b47
    SHA-256: f41c40395ba1fb1974fe61c155dd5027e89667e1a3b32b8ca06d25d99a3d3565
    Size: 48.44 kB
  5. gnutls-dane-3.6.16-8.el8_9.1.ML.1.i686.rpm
    MD5: a0f234ea0f7d0e08af4ce225555b81f2
    SHA-256: 28cf34220ec35064f56139fcb76e7e41666e81530fdb347da1660a70d1d09af9
    Size: 52.75 kB
  6. gnutls-dane-3.6.16-8.el8_9.1.ML.1.x86_64.rpm
    MD5: 5d5bd4cfe3c63d139ddac81bb76f9e82
    SHA-256: aac7d2a3ab816772bbdbb20d82f14f93b5b0dd830f18ebb0edabb78435258535
    Size: 51.84 kB
  7. gnutls-devel-3.6.16-8.el8_9.1.ML.1.i686.rpm
    MD5: 2373b4df71101154c085ad32e3404eaa
    SHA-256: 61177efe6b416f577bb815244aa567f501f20e257a4d678d63efe82805e0f6d8
    Size: 2.18 MB
  8. gnutls-devel-3.6.16-8.el8_9.1.ML.1.x86_64.rpm
    MD5: 819831202db533b3ed8e976c3f90617e
    SHA-256: 2ca37f1902216b536dd4a019af9cd846ccf712f4d222ea6c18f11ee4da2348ca
    Size: 2.18 MB
  9. gnutls-utils-3.6.16-8.el8_9.1.ML.1.x86_64.rpm
    MD5: 968a4861ff03f151175ad4374284ae94
    SHA-256: bdf4efce6f337ee9908c28b12576c1dc664501fb93f4f4a318c4829492704d92
    Size: 348.04 kB