PT-2024-22602 · Gnutls +10 · Gnutls +10

Name of the Vulnerable Software and Affected Versions: GnuTLS affected versions not specified Description: A flaw was found in GnuTLS, known as the Minerva attack, which is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In...

Fedora: Security Advisory (FEDORA-2023-e075ac32be)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: gnutls-3.8.2-1.fc39

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, OpenPGP and...

Fedora 39 : gnutls (2023-e075ac32be)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e075ac32be advisory. New upstream release with a fix for GNUTLS-SA-2023-10-23. Tenable has extracted the preceding description block directly from the Fedora security advisory...

AZL-32048 CVE-2023-5981 affecting package gnutls for versions less than 3.7.11-1

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

CVE-2023-5981 Gnutls: timing side-channel in the rsa-psk authentication

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Mitigation To address the issue found upgrade to GnuTLS 3.8.2 or later versions...

GnuTLS Security Vulnerabilities

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS version 3.6.7-4+deb10u11, which stems from a security flaw in the RSA-PSK ClientKeyExchange, where the response time to a misformatted ciphertext differs from the...

Debian: Security Advisory (DLA-3660-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-6499-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6499-1 gnutls28 vulnerability

It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information...

USN-6499-1: GnuTLS vulnerability

It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information...

Advisory ROSA-SA-2023-2298

Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 packageevrstring: gnutls-3.6.16-6.0.1.rv3.src.rpm CVE-ID: CVE-2021-4209 BDU-ID: 2022-01898 CVE-Crit: MEDIUM CVE-DESC.: An implementation vulnerability in the wrapnettlehashfast function of the GnuTLS cryptographic library is related to pointer...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : GnuTLS vulnerability (USN-6499-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6499-1 advisory. It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly...

CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

Rocky Linux 9 : gnutls and nettle (RLSA-2022:6854)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6854 advisory. - A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutlspkcs7verify...

PT-2023-8678

Name of the Vulnerable Software and Affected Versions GnuTLS affected versions not specified Description A vulnerability was found related to the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange, which differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Python is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP and WebSphere Liberty CVE-2020-10735, CVE-2022-45061. LibTiff is used by IBM Robotic Process Automation for Cloud Pak as part of .NET Core and Watson NLP CVE-2022-3627, CVE-2022-3970. cURL libcurl is used...

Oracle Linux 8 : gnutls (ELSA-2019-3600)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3600 advisory. - Fixed CVE-2019-3829 1693285 - Fixed CVE-2019-3836 1693288 Tenable has extracted the preceding description block directly from the Oracle Linux securi...

Oracle Linux 9 : samba (ELSA-2023-2519)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2519 advisory. - resolves: rhbz2154373 - Fix CVE-2022-38023 - Fix CVE-2022-1615 GnuTLS gnutlsrnd can fail and give predictable random values - resolves: rhbz2108332 - Fix...