gnutls-3.6.16-8.el8_9.1.ML.1
エラータID: AXSA:2024-7497:03
リリース日:
2024/02/02 Friday - 16:23
題名:
gnutls-3.6.16-8.el8_9.1.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- GnuTLS には、RSA-PSK ClientKeyExchange による暗号文への
応答時間と、適切に PKCS#1 v1.5 のパディングが使用された暗号文
への応答時間が異なる問題があるため、リモートの攻撃者により、
細工された RSA-PSK ClientKeyExchange による暗号文を介して、
情報の漏洩を可能とする脆弱性が存在します。(CVE-2024-0553)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
追加情報:
N/A
ダウンロード:
SRPMS
- gnutls-3.6.16-8.el8_9.1.ML.1.src.rpm
MD5: 6b386964fd34f5e08a67de399d9fca4f
SHA-256: c4849541231663c6723a79f908740be94e39bbfb59d0b8553ff85467b8b5a6e3
Size: 5.49 MB
Asianux Server 8 for x86_64
- gnutls-3.6.16-8.el8_9.1.ML.1.i686.rpm
MD5: e018cc97be75626095694995cd8f754a
SHA-256: c58762a046a1c73a27be503b2b3fda421454f3e6dcf9e4b9cfa61935dcf1ab07
Size: 1.01 MB - gnutls-3.6.16-8.el8_9.1.ML.1.x86_64.rpm
MD5: a89f9b06ac402b4f4c05eec17d6f1cb7
SHA-256: 328adec2ea200f9eb2a42187c3f139f0c289f4fcf62c83c70c49a1e139412bbf
Size: 0.99 MB - gnutls-c++-3.6.16-8.el8_9.1.ML.1.i686.rpm
MD5: 155464dfeda6d7347ba1d1a2cd933710
SHA-256: 1f38102a14eb114227fe1655a4dba7ef722fe237568295adf879fd510a9010b9
Size: 49.51 kB - gnutls-c++-3.6.16-8.el8_9.1.ML.1.x86_64.rpm
MD5: 87f7abf2a32e8e94deb4a9395aa24b47
SHA-256: f41c40395ba1fb1974fe61c155dd5027e89667e1a3b32b8ca06d25d99a3d3565
Size: 48.44 kB - gnutls-dane-3.6.16-8.el8_9.1.ML.1.i686.rpm
MD5: a0f234ea0f7d0e08af4ce225555b81f2
SHA-256: 28cf34220ec35064f56139fcb76e7e41666e81530fdb347da1660a70d1d09af9
Size: 52.75 kB - gnutls-dane-3.6.16-8.el8_9.1.ML.1.x86_64.rpm
MD5: 5d5bd4cfe3c63d139ddac81bb76f9e82
SHA-256: aac7d2a3ab816772bbdbb20d82f14f93b5b0dd830f18ebb0edabb78435258535
Size: 51.84 kB - gnutls-devel-3.6.16-8.el8_9.1.ML.1.i686.rpm
MD5: 2373b4df71101154c085ad32e3404eaa
SHA-256: 61177efe6b416f577bb815244aa567f501f20e257a4d678d63efe82805e0f6d8
Size: 2.18 MB - gnutls-devel-3.6.16-8.el8_9.1.ML.1.x86_64.rpm
MD5: 819831202db533b3ed8e976c3f90617e
SHA-256: 2ca37f1902216b536dd4a019af9cd846ccf712f4d222ea6c18f11ee4da2348ca
Size: 2.18 MB - gnutls-utils-3.6.16-8.el8_9.1.ML.1.x86_64.rpm
MD5: 968a4861ff03f151175ad4374284ae94
SHA-256: bdf4efce6f337ee9908c28b12576c1dc664501fb93f4f4a318c4829492704d92
Size: 348.04 kB