Moderate: Red Hat Security Advisory: gnutls security update
An update for gnutls is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
gnutls: rejects certificate chain with distributed trust
A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of...
gnutls: incomplete fix for CVE-2023-5981
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
Moderate: Red Hat Security Advisory: gnutls security update
An update for gnutls is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Medium: gnutls
Issue Overview: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK ke...
RHEL 9 : gnutls (RHSA-2024:1082)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1082 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as...
RHEL 8 : gnutls (RHSA-2024:1108)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1108 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS...
Medium: gnutls
Issue Overview: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK ke...
openSUSE Security Advisory (SUSE-SU-2024:0638-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
openSUSE: Security Advisory for gnutls (SUSE-SU-2023:4983-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-git, Golang, GnuTLS, Libxml2, protobuf-c, JSON-java, Libmaxminddb, SQLite3 packages and cryptographic algorithms
Summary go-git, Golang, GnuTLS, Libxml2, protobuf-c, JSON-java, Libmaxminddb, SQLite3 are consumed through RedHat UBI, go-toolset and OSE packages. These packages are shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2023-47745 DESCRIPTIO...
USN-6593-1: GnuTLS vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gnutls (SUSE-SU-2024:0638-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0638-1 advisory. - A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK...
SUSE-SU-2024:0638-1 Security update for gnutls
This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862). - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865)...
[SECURITY] [DLA 3740-1] gnutls28 security update
Debian LTS Advisory DLA-3740-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 26, 2024 https://wiki.debian.org/LTS Package : gnutls28 Version : 3.6.7-4+deb10u12 CVE ID : CVE-2024-0553 Debian Bug : 1061046 Hubert Kario discovered that GnuTLS, a portable...
Debian dla-3740 : gnutls-bin - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3740 advisory. Debian LTS Advisory DLA-3740-1 [email protected]...
K000138649: GnuTLS vulnerabilities CVE-2023-5981 and CVE-2024-0553
Security Advisory Description CVE-2023-5981 A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. CVE-2024-0553 A vulnerability was found in GnuTLS. The response times to...
Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-521)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-521 advisory. A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with...
F5 Networks BIG-IP : GnuTLS vulnerabilities (K000138649)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000138649 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange...
Medium: gnutls
Issue Overview: A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to...