ELSA-2024-1784

Published: 15 Apr 2024
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2024-1784: gnutls security update (MODERATE)

[3.6.16-8.3_fips]

  • Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526]
  • Allow bigger known RSA modulus sizes when calling rsa_generate_fips186_4_keypair directly [Orabug: 33200526]
  • Change Epoch from 1 to 10_fips

[3.6.16-8.3]

  • Fix memleak with older GMP (RHEL-28957)

[3.6.16-8.2]

  • Fix timing side-channel in deterministic ECDSA (RHEL-28957)

[3.6.16-8.1]

  • auth/rsa-psk: minimize branching after decryption (RHEL-21586)

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • gnutls: 3.6.16-8.el8_9.3
  • gnutls: 3.6.16-8.el8_9.3_fips
  • gnutls-c++: 3.6.16-8.el8_9.3
  • gnutls-c++: 3.6.16-8.el8_9.3_fips
  • gnutls-dane: 3.6.16-8.el8_9.3
  • gnutls-dane: 3.6.16-8.el8_9.3_fips
  • gnutls-devel: 3.6.16-8.el8_9.3
  • gnutls-devel: 3.6.16-8.el8_9.3_fips
  • gnutls-utils: 3.6.16-8.el8_9.3
  • gnutls-utils: 3.6.16-8.el8_9.3_fips

Oracle Linux x86_64

  • gnutls: 3.6.16-8.el8_9.3
  • gnutls: 3.6.16-8.el8_9.3_fips
  • gnutls-c++: 3.6.16-8.el8_9.3
  • gnutls-c++: 3.6.16-8.el8_9.3_fips
  • gnutls-dane: 3.6.16-8.el8_9.3
  • gnutls-dane: 3.6.16-8.el8_9.3_fips
  • gnutls-devel: 3.6.16-8.el8_9.3
  • gnutls-devel: 3.6.16-8.el8_9.3_fips
  • gnutls-utils: 3.6.16-8.el8_9.3
  • gnutls-utils: 3.6.16-8.el8_9.3_fips

Related CVEs

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 1 year ago

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

CVSS3: 5.3
redhat
more than 1 year ago

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

CVSS3: 5.3
nvd
more than 1 year ago

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

CVSS3: 5.3
msrc
10 months ago

No description available

CVSS3: 5.3
debian
more than 1 year ago

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vuln ...