Описание
Security update for gnutls
This update for gnutls fixes the following issues:
- CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).
- CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).
Список пакетов
Container suse/sle15:15.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
Ссылки
- Link for SUSE-SU-2023:4952-1
- E-Mail link for SUSE-SU-2023:4952-1
- SUSE Security Ratings
- SUSE Bug 1208143
- SUSE Bug 1217277
- SUSE CVE CVE-2023-0361 page
- SUSE CVE CVE-2023-5981 page
Описание
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Затронутые продукты
Ссылки
- CVE-2023-0361
- SUSE Bug 1208143
Описание
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Затронутые продукты
Ссылки
- CVE-2023-5981
- SUSE Bug 1217277
- SUSE Bug 1218865