Medium: gnutls

🗓️ 05 Mar 2024 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 3 Views

Vulnerability in GnuTLS allows timing side-channel attack in RSA-PSK key exchange, update required.

Reporter	Title	Published	Views	Family All 296
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to an Observable Discrepancy in the RHEL UBI (CVE-2023-5981)	5 Aug 202421:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-yaml, OpenSSL, GnuTLS , OpenTelemetry-Go, go-toolset and urllib3	30 Jan 202408:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM webMethods API Management	25 Apr 202510:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities	24 Apr 202415:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-git , Golang, GnuTLS, Libxml2, protobuf-c, JSON-java, Libmaxminddb, SQLite3 packages and cryptographic algorithms	1 Mar 202405:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple Linux Kernel vulnerabilities	15 May 202417:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM webMethods Managed File Transfer	25 Apr 202510:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Technical Support Appliance - possible exposure of sensitive information	21 Nov 202421:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to an Observable Discrepancy in the RHEL UBI (CVE-2024-0553)	5 Aug 202421:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Technical Support Appliance - possible exposure of sensitive information	21 Nov 202421:37	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	gnutls-debuginfo	3.8.0-379.amzn2023.0.5	gnutls-debuginfo-3.8.0-379.amzn2023.0.5.aarch64.rpm
Amazon Linux	2	aarch64	gnutls-dane	3.8.0-379.amzn2023.0.5	gnutls-dane-3.8.0-379.amzn2023.0.5.aarch64.rpm
Amazon Linux	2	aarch64	gnutls-c++-debuginfo	3.8.0-379.amzn2023.0.5	gnutls-c++-debuginfo-3.8.0-379.amzn2023.0.5.aarch64.rpm
Amazon Linux	2	aarch64	gnutls-dane-debuginfo	3.8.0-379.amzn2023.0.5	gnutls-dane-debuginfo-3.8.0-379.amzn2023.0.5.aarch64.rpm
Amazon Linux	2	aarch64	gnutls-utils-debuginfo	3.8.0-379.amzn2023.0.5	gnutls-utils-debuginfo-3.8.0-379.amzn2023.0.5.aarch64.rpm
Amazon Linux	2	aarch64	gnutls-c++	3.8.0-379.amzn2023.0.5	gnutls-c++-3.8.0-379.amzn2023.0.5.aarch64.rpm
Amazon Linux	2	aarch64	gnutls-debugsource	3.8.0-379.amzn2023.0.5	gnutls-debugsource-3.8.0-379.amzn2023.0.5.aarch64.rpm
Amazon Linux	2	aarch64	gnutls-utils	3.8.0-379.amzn2023.0.5	gnutls-utils-3.8.0-379.amzn2023.0.5.aarch64.rpm
Amazon Linux	2	aarch64	gnutls	3.8.0-379.amzn2023.0.5	gnutls-3.8.0-379.amzn2023.0.5.aarch64.rpm
Amazon Linux	2	aarch64	gnutls-devel	3.8.0-379.amzn2023.0.5	gnutls-devel-3.8.0-379.amzn2023.0.5.aarch64.rpm

05 Mar 2024 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 3.17.5

EPSS0.01028

SSVC

gnutls vulnerability timing attack rsa-psk key exchange update required cve-2024-0553 cve-2023-5981