gnutls-3.8.3-4.el9
エラータID: AXSA:2024-8060:06
リリース日:
2024/05/31 Friday - 16:52
題名:
gnutls-3.8.3-4.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- GnuTLS には、「ミネルバ」と呼称されているサイドチャネル
攻撃を許容してしまう問題があるため、リモートの攻撃者により、
暗号文の解読を可能とする脆弱性が存在します。
(CVE-2024-28834)
- GnuTLS には、ローカルの攻撃者により、巧妙に細工された
PEM 形式の証明書を "certtool --verify-chain" コマンドで検証
することを介して、サービス拒否攻撃 (アプリケーションの
クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2024-28835)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-28834
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
CVE-2024-28835
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
追加情報:
N/A
ダウンロード:
SRPMS
- gnutls-3.8.3-4.el9.src.rpm
MD5: 05515efe30af1746e6b16742d48c89c6
SHA-256: 82ccc66469f04bdf651d3a297d045ed95309431ec51a4e230715e8444dcd7a5f
Size: 8.18 MB
Asianux Server 9 for x86_64
- gnutls-3.8.3-4.el9.i686.rpm
MD5: c56778b4b86a2ed2116d1d0c021a0cd7
SHA-256: e3359ab6cf1e5326327e034f152934de18ab3a5c943f98e2e7f6ecd7628a8675
Size: 1.06 MB - gnutls-3.8.3-4.el9.x86_64.rpm
MD5: edb3daa1f73d9bdfe3677be406386ca0
SHA-256: de43cebdc602e69d3061895ceb3c1e45068021123b817df4bce5408104ceadaa
Size: 1.07 MB - gnutls-c++-3.8.3-4.el9.i686.rpm
MD5: a7ce503f2363c9560ee14bd608bb578a
SHA-256: 209cc89f5934ae8514f04954807d6ef35c2e79183208615a1931f7285975894e
Size: 32.51 kB - gnutls-c++-3.8.3-4.el9.x86_64.rpm
MD5: d51d3a6e8be25d120506fc98fbc88929
SHA-256: 62e030fce32717666e8f2db64b08880112edbc0902e65ff422888746f302746e
Size: 31.34 kB - gnutls-dane-3.8.3-4.el9.i686.rpm
MD5: d350483c4ffcb31ab3df53fe58b06118
SHA-256: cd153ba20011f9c1bb03169f72520892118502d521bdb8776af3ad702ce49a20
Size: 20.87 kB - gnutls-dane-3.8.3-4.el9.x86_64.rpm
MD5: 007a264a69c562514c299023a7332715
SHA-256: 1b41a33422f4fd14acf1fe710ea6c67c5aa284ac8096f175b2237952fb2adf25
Size: 20.69 kB - gnutls-devel-3.8.3-4.el9.i686.rpm
MD5: ec3eaf519569ab4072fee0ceddd4054a
SHA-256: 78ea083c5f0ada484a393cc979d27d28717febaf91401da00487692f8e2258a4
Size: 2.18 MB - gnutls-devel-3.8.3-4.el9.x86_64.rpm
MD5: f5ae83fcd916878e272b7531af0f9738
SHA-256: 0a5c48606137ae0a2e5390fa5baf5e69b7413eb0667b2d9238a8a1a3dec16350
Size: 2.18 MB - gnutls-utils-3.8.3-4.el9.x86_64.rpm
MD5: bdd4810338551e837574b377a4952d8d
SHA-256: 35bde188286a828d6ad6f5de668e0f26397b1e6cbf9df19fa47389a298d607e3
Size: 287.47 kB
English