Lucene search
OracleLinuxELSA-2024-1784HistoryApr 15, 2024 - 12:00 a.m.
gnutls security update
2024-04-1500:00:00
linux.oracle.com
58
gnutls
security update
memory leak
older gmp
timing side-channel
deterministic ecdsa
unix
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
5.2
Confidence
High
EPSS
0
Percentile
13.8%
[3.6.16-8.3_fips]
- Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length
as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526] - Allow bigger known RSA modulus sizes when calling
rsa_generate_fips186_4_keypair directly [Orabug: 33200526] - Change Epoch from 1 to 10_fips
[3.6.16-8.3] - Fix memleak with older GMP (RHEL-28957)
[3.6.16-8.2] - Fix timing side-channel in deterministic ECDSA (RHEL-28957)
[3.6.16-8.1] - auth/rsa-psk: minimize branching after decryption (RHEL-21586)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 8 | src | gnutls | < 3.6.16-8.el8_9.3 | gnutls-3.6.16-8.el8_9.3.src.rpm |
| oracle linux | 8 | src | gnutls | < 3.6.16-8.el8_9.3 | gnutls-3.6.16-8.el8_9.3.src.rpm |
| oracle linux | 8 | src | gnutls | < 3.6.16-8.el8_9.3 | gnutls-3.6.16-8.el8_9.3.src.rpm |
| oracle linux | 8 | src | gnutls | < 3.6.16-8.el8_9.3_fips | gnutls-3.6.16-8.el8_9.3_fips.src.rpm |
| oracle linux | 8 | aarch64 | gnutls | < 3.6.16-8.el8_9.3 | gnutls-3.6.16-8.el8_9.3.aarch64.rpm |
| oracle linux | 8 | aarch64 | gnutls | < 3.6.16-8.el8_9.3 | gnutls-3.6.16-8.el8_9.3.aarch64.rpm |
| oracle linux | 8 | aarch64 | gnutls | < 3.6.16-8.el8_9.3_fips | gnutls-3.6.16-8.el8_9.3_fips.aarch64.rpm |
| oracle linux | 8 | aarch64 | gnutls-c++ | < 3.6.16-8.el8_9.3 | gnutls-c++-3.6.16-8.el8_9.3.aarch64.rpm |
| oracle linux | 8 | aarch64 | gnutls-c++ | < 3.6.16-8.el8_9.3_fips | gnutls-c++-3.6.16-8.el8_9.3_fips.aarch64.rpm |
| oracle linux | 8 | aarch64 | gnutls-dane | < 3.6.16-8.el8_9.3 | gnutls-dane-3.6.16-8.el8_9.3.aarch64.rpm |
Related
redos
redos
ROS-20240717-06
2024-07-17 00:00:00
osv
osv
Moderate: gnutls security update
2024-05-06 13:04:07
Moderate: gnutls security update
2024-04-11 00:00:00
CVE-2024-28834
2024-03-21 14:15:07
redhat
redhat
(RHSA-2024:1997) Moderate: gnutls security update
2024-04-23 13:53:29
(RHSA-2024:1784) Moderate: gnutls security update
2024-04-11 15:26:54
(RHSA-2024:2044) Moderate: gnutls security update
2024-04-25 00:56:15
nessus
nessus
RHEL 8 : gnutls (RHSA-2024:2044)
2024-04-25 00:00:00
EulerOS Virtualization 2.10.1 : gnutls (EulerOS-SA-2024-2138)
2024-08-19 00:00:00
Oracle Linux 8 : gnutls (ELSA-2024-1784)
2024-04-15 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1855)
2024-07-01 00:00:00
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-2138)
2024-08-20 00:00:00
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1884)
2024-07-16 00:00:00
vulnrichment
vulnrichment
CVE-2024-28834 Gnutls: vulnerable to minerva side-channel information leak
2024-03-21 13:29:11
cve
cve
CVE-2024-28834
2024-03-21 14:15:07
ubuntucve
ubuntucve
CVE-2024-28834
2024-03-21 00:00:00
cvelist
cvelist
CVE-2024-28834 Gnutls: vulnerable to minerva side-channel information leak
2024-03-21 13:29:11
almalinux
almalinux
Moderate: gnutls security update
2024-04-11 00:00:00
Moderate: gnutls security update
2024-04-30 00:00:00
Moderate: gnutls security update
2024-04-18 00:00:00
redhatcve
redhatcve
CVE-2024-28834
2024-03-21 06:08:46
debiancve
debiancve
CVE-2024-28834
2024-03-21 14:15:07
veracode
veracode
Sensitive Information Disclosure
2024-04-11 02:00:34
rocky
rocky
gnutls security update
2024-05-06 13:04:07
gnutls security update
2024-05-10 14:32:36
nvd
nvd
CVE-2024-28834
2024-03-21 14:15:07
photon
photon
Moderate Photon OS Security Update - PHSA-2024-3.0-0755
2024-05-01 00:00:00
Moderate Photon OS Security Update - PHSA-2024-4.0-0590
2024-04-04 00:00:00
Moderate Photon OS Security Update - PHSA-2024-5.0-0240
2024-04-04 00:00:00
oraclelinux
oraclelinux
gnutls security update
2024-05-08 00:00:00
gnutls security update
2024-05-07 00:00:00
gnutls security update
2024-04-18 00:00:00
ubuntu
ubuntu
GnuTLS vulnerabilities
2024-04-15 00:00:00
GnuTLS vulnerabilities
2024-04-29 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: gnutls-3.8.4-1.fc39
2024-03-24 01:07:12
[SECURITY] Fedora 38 Update: gnutls-3.8.4-1.fc38
2024-03-31 01:54:40
[SECURITY] Fedora 40 Update: gnutls-3.8.5-1.fc40
2024-04-19 21:42:06
cloudfoundry
cloudfoundry
USN-6733-1: GnuTLS vulnerabilities | Cloud Foundry
2024-05-23 00:00:00
mageia
mageia
Updated gnutls packages fix security vulnerabilities
2024-03-26 11:00:24
f5
f5
K000141041: GnuTLS vulnerabilities CVE-2024-28834 and CVE-2024-28835
2024-09-12 00:00:00
slackware
slackware
[slackware-security] gnutls
2024-03-20 00:27:18
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
5.2
Confidence
High
EPSS
0
Percentile
13.8%
Related for ELSA-2024-1784