gnutls-3.7.6-23.el9_3.4

エラータID: AXSA:2024-7696:05

Release date: 
Friday, April 19, 2024 - 18:18
Subject: 
gnutls-3.7.6-23.el9_3.4
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834)
* gnutls: potential crash during chain building/verification (CVE-2024-28835)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-28834
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
CVE-2024-28835
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

Solution: 

Update packages.

CVEs: 
CVE-2024-28834
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
CVE-2024-28835
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
Additional Info: 

N/A

Download: 

SRPMS
  1. gnutls-3.7.6-23.el9_3.4.src.rpm
    MD5: 2f443fd1877862f586cedb03f512fb05
    SHA-256: 7e1247e640e8be3ae5085cb81c01f69c2c1cb735f384f00149a9cab7736bfb7c
    Size: 8.14 MB

Asianux Server 9 for x86_64
  1. gnutls-3.7.6-23.el9_3.4.i686.rpm
    MD5: 4ad8c322c935e962cd0aa18ceda55bdc
    SHA-256: f4e4406483a37223dabfa05b5c6de2e05147ce1cb765626fd75c5ff6d960d77c
    Size: 1.04 MB
  2. gnutls-3.7.6-23.el9_3.4.x86_64.rpm
    MD5: feb5193e8fc3bcc3b0d71996f52ea21a
    SHA-256: c2d4bf7a64f04b5cf67003fcfa70908f203090f7d5f7110afe99d48f9dacc926
    Size: 1.05 MB
  3. gnutls-c++-3.7.6-23.el9_3.4.i686.rpm
    MD5: a5590d7dd53e3a2d143ec99c955bab01
    SHA-256: 3906d4aa1d740fb142a8a1a2bfe0be1a416d146b04a16ecbc3a41bbb2d48abbc
    Size: 32.27 kB
  4. gnutls-c++-3.7.6-23.el9_3.4.x86_64.rpm
    MD5: 0899e9f3182a6800dbdf45132a73ca8a
    SHA-256: e62bc9bc3e1096ca2b9b898cf60773382ca8f6af311eb54efa0bc02b3c664218
    Size: 31.11 kB
  5. gnutls-dane-3.7.6-23.el9_3.4.i686.rpm
    MD5: 6bc96f4be01dd3e51b810e4c506e5a39
    SHA-256: f70cd17879a7192a8d2e44b32b911c81dc7a72c3e87fda04a361bf4e861c3048
    Size: 20.99 kB
  6. gnutls-dane-3.7.6-23.el9_3.4.x86_64.rpm
    MD5: 56ad4ea77ad5cdcfe1325fc677546890
    SHA-256: 304c1c67279b08c48c2f3695ed62a374f4bf961aae2ba3743d2b93058fcd8368
    Size: 20.87 kB
  7. gnutls-devel-3.7.6-23.el9_3.4.i686.rpm
    MD5: 9184750a28382f13e09367d06fba294a
    SHA-256: edf59e1c67320c10610265eefad42e4725d3b16894a951918933e19caf4106f1
    Size: 2.45 MB
  8. gnutls-devel-3.7.6-23.el9_3.4.x86_64.rpm
    MD5: 9201738ab7b90c902e3f0add58a3a12e
    SHA-256: 7856532cb64a26449cb553c6f568d58aa05dee534725ffa8a4731f6920714039
    Size: 2.45 MB
  9. gnutls-utils-3.7.6-23.el9_3.4.x86_64.rpm
    MD5: 3a0c19fbb8139ef0fee47058f9a14c2a
    SHA-256: 5f49fe80126061bc4fecac9fabd32bfc0ae665eff7e14ea2bbc5bc33e0191f2e
    Size: 269.36 kB