Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1442)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

[slackware-security] gnutls

New gnutls packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gnutls-3.8.4-i586-1slack15.0.txz: Upgraded. This update fixes two medium severity security issues: libgnutls: Fix side-channel in the...

PT-2024-2444 · Gnutls +8 · Gnutls +8

Name of the Vulnerable Software and Affected Versions: GnuTLS versions prior to 3.8.3 Description: A flaw in the GnuTLS library is related to shortcomings in handling exceptional states when analyzing the cert list size parameter in the gnutls x509 trust list verify crt2 function. This issue can ...

Slackware: Security Advisory (SSA:2024-079-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware Linux 15.0 / current gnutls Multiple Vulnerabilities (SSA:2024-079-01)

The version of gnutls installed on the remote host is prior to 3.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-079-01 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version numbe...

USN-6499-1: GnuTLS vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information. Update Instructions:...

CVE-2024-0567 affecting package gnutls for versions less than 3.7.11-1

CVE-2024-0567 affecting package gnutls for versions less than 3.7.11-1. A patched version of the package is available...

SUSE-SU-2024:0860-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2024-0553: Fixed insufficient mitigation for side channel attack in RSA-PSK, aka CVE-2023-5981 bsc1218865...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1334)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1312)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : gnutls (SUSE-SU-2024:0860-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0860-1 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response time...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1213)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : gnutls (EulerOS-SA-2024-1334)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertext...

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1235)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of...

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1213)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of...

EulerOS 2.0 SP10 : gnutls (EulerOS-SA-2024-1312)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertext...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1235)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2024-1710184399 gnutls: Fix of 3 CVEs

Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side...

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-548)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-548 advisory. A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may...