ELSA-2024-12135

Опубликовано: 05 фев. 2024

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2024-12135: gnutls security update (MODERATE)

[3.6.16-8.1_fips]

Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526]
Allow bigger known RSA modulus sizes when calling rsa_generate_fips186_4_keypair directly [Orabug: 33200526]
Change Epoch from 1 to 10

[3.6.16-8.1]

auth/rsa-psk: minimize branching after decryption (RHEL-21550)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

gnutls

3.6.16-8.el8_9.1_fips

gnutls-c++

3.6.16-8.el8_9.1_fips

gnutls-dane

3.6.16-8.el8_9.1_fips

gnutls-devel

3.6.16-8.el8_9.1_fips

gnutls-utils

3.6.16-8.el8_9.1_fips

Oracle Linux x86_64

gnutls

3.6.16-8.el8_9.1_fips

gnutls-c++

3.6.16-8.el8_9.1_fips

gnutls-dane

3.6.16-8.el8_9.1_fips

gnutls-devel

3.6.16-8.el8_9.1_fips

gnutls-utils

3.6.16-8.el8_9.1_fips

Связанные CVE

CVE-2024-0553

Ссылки на источники

Связанные уязвимости

CVE-2024-0553

CVSS3: 7.5

ubuntu

больше 1 года назад

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.