gnutls-3.7.6-23.el9_3.4
エラータID: AXSA:2024-7696:05
リリース日:
2024/04/19 Friday - 18:18
題名:
gnutls-3.7.6-23.el9_3.4
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- GnuTLS には、「ミネルバ」と呼称されているサイドチャネル
攻撃を許容してしまう問題があるため、リモートの攻撃者により、
暗号文の解読を可能とする脆弱性が存在します。
(CVE-2024-28834)
- GnuTLS には、ローカルの攻撃者により、巧妙に細工された
PEM 形式の証明書を "certtool --verify-chain" コマンドで検証する
ことを介して、サービス拒否攻撃 (アプリケーションのクラッシュ
の発生) を可能とする脆弱性が存在します。(CVE-2024-28835)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-28834
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
CVE-2024-28835
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
追加情報:
N/A
ダウンロード:
SRPMS
- gnutls-3.7.6-23.el9_3.4.src.rpm
MD5: 2f443fd1877862f586cedb03f512fb05
SHA-256: 7e1247e640e8be3ae5085cb81c01f69c2c1cb735f384f00149a9cab7736bfb7c
Size: 8.14 MB
Asianux Server 9 for x86_64
- gnutls-3.7.6-23.el9_3.4.i686.rpm
MD5: 4ad8c322c935e962cd0aa18ceda55bdc
SHA-256: f4e4406483a37223dabfa05b5c6de2e05147ce1cb765626fd75c5ff6d960d77c
Size: 1.04 MB - gnutls-3.7.6-23.el9_3.4.x86_64.rpm
MD5: feb5193e8fc3bcc3b0d71996f52ea21a
SHA-256: c2d4bf7a64f04b5cf67003fcfa70908f203090f7d5f7110afe99d48f9dacc926
Size: 1.05 MB - gnutls-c++-3.7.6-23.el9_3.4.i686.rpm
MD5: a5590d7dd53e3a2d143ec99c955bab01
SHA-256: 3906d4aa1d740fb142a8a1a2bfe0be1a416d146b04a16ecbc3a41bbb2d48abbc
Size: 32.27 kB - gnutls-c++-3.7.6-23.el9_3.4.x86_64.rpm
MD5: 0899e9f3182a6800dbdf45132a73ca8a
SHA-256: e62bc9bc3e1096ca2b9b898cf60773382ca8f6af311eb54efa0bc02b3c664218
Size: 31.11 kB - gnutls-dane-3.7.6-23.el9_3.4.i686.rpm
MD5: 6bc96f4be01dd3e51b810e4c506e5a39
SHA-256: f70cd17879a7192a8d2e44b32b911c81dc7a72c3e87fda04a361bf4e861c3048
Size: 20.99 kB - gnutls-dane-3.7.6-23.el9_3.4.x86_64.rpm
MD5: 56ad4ea77ad5cdcfe1325fc677546890
SHA-256: 304c1c67279b08c48c2f3695ed62a374f4bf961aae2ba3743d2b93058fcd8368
Size: 20.87 kB - gnutls-devel-3.7.6-23.el9_3.4.i686.rpm
MD5: 9184750a28382f13e09367d06fba294a
SHA-256: edf59e1c67320c10610265eefad42e4725d3b16894a951918933e19caf4106f1
Size: 2.45 MB - gnutls-devel-3.7.6-23.el9_3.4.x86_64.rpm
MD5: 9201738ab7b90c902e3f0add58a3a12e
SHA-256: 7856532cb64a26449cb553c6f568d58aa05dee534725ffa8a4731f6920714039
Size: 2.45 MB - gnutls-utils-3.7.6-23.el9_3.4.x86_64.rpm
MD5: 3a0c19fbb8139ef0fee47058f9a14c2a
SHA-256: 5f49fe80126061bc4fecac9fabd32bfc0ae665eff7e14ea2bbc5bc33e0191f2e
Size: 269.36 kB