gnutls-3.8.3-4.el9

エラータID: AXSA:2024-8060:06

Release date: 
Friday, May 31, 2024 - 16:52
Subject: 
gnutls-3.8.3-4.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The gnutls package provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834)
* gnutls: potential crash during chain building/verification (CVE-2024-28835)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-28834
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
CVE-2024-28835
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

Solution: 

Update packages.

CVEs: 
CVE-2024-28834
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
CVE-2024-28835
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
Additional Info: 

N/A

Download: 

SRPMS
  1. gnutls-3.8.3-4.el9.src.rpm
    MD5: 05515efe30af1746e6b16742d48c89c6
    SHA-256: 82ccc66469f04bdf651d3a297d045ed95309431ec51a4e230715e8444dcd7a5f
    Size: 8.18 MB

Asianux Server 9 for x86_64
  1. gnutls-3.8.3-4.el9.i686.rpm
    MD5: c56778b4b86a2ed2116d1d0c021a0cd7
    SHA-256: e3359ab6cf1e5326327e034f152934de18ab3a5c943f98e2e7f6ecd7628a8675
    Size: 1.06 MB
  2. gnutls-3.8.3-4.el9.x86_64.rpm
    MD5: edb3daa1f73d9bdfe3677be406386ca0
    SHA-256: de43cebdc602e69d3061895ceb3c1e45068021123b817df4bce5408104ceadaa
    Size: 1.07 MB
  3. gnutls-c++-3.8.3-4.el9.i686.rpm
    MD5: a7ce503f2363c9560ee14bd608bb578a
    SHA-256: 209cc89f5934ae8514f04954807d6ef35c2e79183208615a1931f7285975894e
    Size: 32.51 kB
  4. gnutls-c++-3.8.3-4.el9.x86_64.rpm
    MD5: d51d3a6e8be25d120506fc98fbc88929
    SHA-256: 62e030fce32717666e8f2db64b08880112edbc0902e65ff422888746f302746e
    Size: 31.34 kB
  5. gnutls-dane-3.8.3-4.el9.i686.rpm
    MD5: d350483c4ffcb31ab3df53fe58b06118
    SHA-256: cd153ba20011f9c1bb03169f72520892118502d521bdb8776af3ad702ce49a20
    Size: 20.87 kB
  6. gnutls-dane-3.8.3-4.el9.x86_64.rpm
    MD5: 007a264a69c562514c299023a7332715
    SHA-256: 1b41a33422f4fd14acf1fe710ea6c67c5aa284ac8096f175b2237952fb2adf25
    Size: 20.69 kB
  7. gnutls-devel-3.8.3-4.el9.i686.rpm
    MD5: ec3eaf519569ab4072fee0ceddd4054a
    SHA-256: 78ea083c5f0ada484a393cc979d27d28717febaf91401da00487692f8e2258a4
    Size: 2.18 MB
  8. gnutls-devel-3.8.3-4.el9.x86_64.rpm
    MD5: f5ae83fcd916878e272b7531af0f9738
    SHA-256: 0a5c48606137ae0a2e5390fa5baf5e69b7413eb0667b2d9238a8a1a3dec16350
    Size: 2.18 MB
  9. gnutls-utils-3.8.3-4.el9.x86_64.rpm
    MD5: bdd4810338551e837574b377a4952d8d
    SHA-256: 35bde188286a828d6ad6f5de668e0f26397b1e6cbf9df19fa47389a298d607e3
    Size: 287.47 kB