OESA-2024-1470 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

EulerOS Virtualization 2.10.1 : gnutls (EulerOS-SA-2024-1545)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response time...

gnutls security update

3.7.6-23.4fips - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35925409 - Update FIPS module name for Oracle Linux Orabug: 35925409 - Verify salt length and iteration count for PBKDF Orabug: 35925409 3.7.6-23.4 - Fix timing side-channel in deterministic ECDSA...

EulerOS Virtualization 2.10.0 : gnutls (EulerOS-SA-2024-1526)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response time...

Moderate: Red Hat Security Advisory: gnutls security update

An update for gnutls is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

gnutls: potential crash during chain building/verification

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...

Oracle Linux 9 : gnutls (ELSA-2024-1879)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1879 advisory. 3.7.6-23.4 - Fix timing side-channel in deterministic ECDSA RHEL-28958 - Fix potential crash during chain building/verification RHEL-28953 Tenable has...

Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: vulnerable to Minerva side-channel information leak CVE-2024-28834 gnutls: potential crash during chain...

AlmaLinux 9 : gnutls (ALSA-2024:1879)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1879 advisory. - A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to...

ALSA-2024:1879 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: vulnerable to Minerva side-channel information leak CVE-2024-28834 gnutls: potential crash during chain...

gnutls security update

3.7.6-23.4 - Fix timing side-channel in deterministic ECDSA RHEL-28958 - Fix potential crash during chain building/verification RHEL-28953...

RHEL 9 : gnutls (RHSA-2024:1879)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1879 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as...

openSUSE Security Advisory (SUSE-SU-2024:1271-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6733-1: GnuTLS vulnerabilities

It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. CVE-2024-28834 It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker cou...

USN-6733-1 gnutls28 vulnerabilities

It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. CVE-2024-28834 It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker cou...

gnutls security update

3.6.16-8.3fips - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 Orabug: 33200526 - Allow bigger known RSA modulus sizes when calling rsageneratefips1864keypair directly Orabug: 33200526 - Change Epoch from 1 to 10fips...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : GnuTLS vulnerabilities (USN-6733-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6733-1 advisory. It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly us...

Oracle Linux 8 : gnutls (ELSA-2024-1784)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1784 advisory. 3.6.16-8.3fips - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 Orabug: 33200526 ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gnutls (SUSE-SU-2024:1271-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1271-1 advisory. - A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits...

SUSE-SU-2024:1271-3 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA bsc1221746 - CVE-2024-28835: Fixed denial of service during certificate chain verification bsc1221747 Other fixes: - jitterentropy: Release the memory of the entropy collector when...