ELSA-2025-20284

Published: 24 Apr 2025
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2025-20284: gnutls security update (MODERATE)

[3.6.16-8.3_fips]

  • Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526]
  • Allow bigger known RSA modulus sizes when calling rsa_generate_fips186_4_keypair directly [Orabug: 33200526]
  • Change Epoch from 1 to 10

[3.6.16-8.3]

  • Backport the fix for CVE-2024-12243

[3.6.16-8.3]

  • Fix memleak with older GMP (RHEL-28957)

[3.6.16-8.2]

  • Fix timing side-channel in deterministic ECDSA (RHEL-35231)

[3.6.16-8.1]

  • auth/rsa-psk: minimize branching after decryption (RHEL-21550)

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • gnutls: 3.6.16-8.el8_10.3_fips
  • gnutls-c++: 3.6.16-8.el8_10.3_fips
  • gnutls-dane: 3.6.16-8.el8_10.3_fips
  • gnutls-devel: 3.6.16-8.el8_10.3_fips
  • gnutls-utils: 3.6.16-8.el8_10.3_fips

Oracle Linux x86_64

  • gnutls: 3.6.16-8.el8_10.3_fips
  • gnutls-c++: 3.6.16-8.el8_10.3_fips
  • gnutls-dane: 3.6.16-8.el8_10.3_fips
  • gnutls-devel: 3.6.16-8.el8_10.3_fips
  • gnutls-utils: 3.6.16-8.el8_10.3_fips

Related CVEs

Related vulnerabilities

CVSS3: 5.3
ubuntu
6 months ago

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

CVSS3: 5.3
redhat
6 months ago

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

CVSS3: 5.3
nvd
6 months ago

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.

CVSS3: 5.3
msrc
5 months ago

No description available

CVSS3: 5.3
debian
6 months ago

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data pr ...