4466 matches found
CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
CVE-2024-0553
CVE-2024-0553 affects GnuTLS and describes a timing side‑channel in RSA-PSK ClientKeyExchange that could leak data. Multiple connected advisories confirm affected package versions and provide fixes: Debian/Red Hat‑based mariners list upgrades to mitigate (examples include gnutls >= 3.7.11-1 or...
PT-2024-1279
Name of the Vulnerable Software and Affected Versions GnuTLS affected versions not specified Description A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with...
GnuTLS Security Vulnerabilities
GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS that originates from allowing an unauthenticated remote client or attacker to launch a denial of service attack...
PT-2024-1281
Name of the Vulnerable Software and Affected Versions GnuTLS affected versions not specified Description The issue is related to a difference in response time when handling RSA ciphertext in ClientKeyExchange messages with correct and incorrect PKCS1 padding. This could allow a remote attacker to...
Slackware Linux 15.0 / current gnutls Multiple Vulnerabilities (SSA:2024-016-01)
The version of gnutls installed on the remote host is prior to 3.8.3. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-016-01 advisory. - A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from...
Mageia: Security Advisory (MGASA-2024-0008)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2024-0008 Updated gnutls packages fix a security vulnerability
The updated packages fix a security vulnerability: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. CVE-2023-5981...
Updated gnutls packages fix a security vulnerability
The updated packages fix a security vulnerability: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. CVE-2023-5981...
gnutls security update
An update is available for gnutls. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gnutls packages provide the GNU Transport Layer Security GnuTLS library,...
RLSA-2024:0155 Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the RSA-PSK authentication CVE-2023-5981 For more details about the security issues,...
Oracle Linux 8 : gnutls (ELSA-2024-0155)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0155 advisory. 3.6.16-8 - timing side-channel in the RSA-PSK authentication CVE-2023-5981 Tenable has extracted the preceding description block directly from the Oracle Linux...
AlmaLinux 8 : gnutls (ALSA-2024:0155)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0155 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct...
Rocky Linux 8 : gnutls (RLSA-2024:0155)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0155 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct...
gnutls security update
3.6.16-8 - timing side-channel in the RSA-PSK authentication CVE-2023-5981...
Moderate: Red Hat Security Advisory: gnutls security update
An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
gnutls: timing side-channel in the RSA-PSK authentication
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the RSA-PSK authentication CVE-2023-5981 For more details about the security issues,...
ALSA-2024:0155 Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the RSA-PSK authentication CVE-2023-5981 For more details about the security issues,...
CentOS 8 : gnutls (CESA-2024:0155)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:0155 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct...