Lucene search

K

Gentoo FoundationMGASA-2023-0273

HistorySep 30, 2023 - 10:15 p.m.

Updated quictls packages fix security vulnerabilities

2023-09-3022:15:40

Gentoo Foundation

advisories.mageia.org

15

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.6%

The updated packages fix security vulnerabilities: AES-SIV implementation ignores empty associated data entries. (CVE-2023-2975) Excessive time spent checking DH keys and parameters. (CVE-2023-3446) Excessive time spent checking DH q parameter value. (CVE-2023-3817)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchquictls< 3.0.10-1quictls-3.0.10-1.mga9

References

bugs.mageia.org/show_bug.cgi?id=32248

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2975

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817

www.openssl.org/news/secadv/20230714.txt

www.openssl.org/news/secadv/20230719.txt

www.openssl.org/news/secadv/20230731.txt

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.6%

Related for MGASA-2023-0273