Lucene search

K
almalinuxAlmaLinuxALSA-2024:1784
HistoryApr 11, 2024 - 12:00 a.m.

Moderate: gnutls security update

2024-04-1100:00:00
errata.almalinux.org
18
gnutls package
gnu transport layer security
deterministic ecdsa
minerva side-channel
information leak
cve page
security update

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0

Percentile

13.8%

The gnutls package provide the GNU Transport Layer Security (GnuTLS) library,
which implements cryptographic algorithms and protocols such as SSL, TLS, and
DTLS.

This package update fixes a timing side-channel in deterministic ECDSA.

Security Fix(es):

  • gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0

Percentile

13.8%