Описание
Security update for gnutls
This update for gnutls fixes the following issues:
- CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862).
- CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865).
Список пакетов
Container bci/php-apache:latest
libgnutls30-3.7.3-150400.4.41.3
libgnutls30-hmac-3.7.3-150400.4.41.3
Container bci/php-fpm:latest
libgnutls30-3.7.3-150400.4.41.3
libgnutls30-hmac-3.7.3-150400.4.41.3
Container bci/php:latest
libgnutls30-3.7.3-150400.4.41.3
libgnutls30-hmac-3.7.3-150400.4.41.3
Image SLES15-SP4-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-CHOST-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-CHOST-BYOS-Aliyun
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-CHOST-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-CHOST-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-CHOST-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-HPC-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-HPC-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-HPC-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-HPC-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-HPC-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-HPC-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Hardened-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Hardened-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Hardened-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Hardened-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Server-4-3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Server-4-3-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Micro-5-4
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Micro-5-4-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Micro-5-4-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Micro-5-4-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Micro-5-4-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Micro-5-4-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-Micro-5-4-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Azure-LI-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Azure-VLI-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-BYOS
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-BYOS-Azure
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-BYOS-EC2
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-BYOS-GCE
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Hardened
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Hardened-Azure
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Hardened-BYOS
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAP-Hardened-GCE
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAPCAL
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAPCAL-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAPCAL-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SAPCAL-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Azure-3P
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Azure-Basic
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Azure-Standard
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-CHOST-BYOS-Aliyun
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-CHOST-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-CHOST-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-CHOST-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-CHOST-BYOS-GDC
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-HPC-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-HPC-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-HPC-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-HPC-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Hardened-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Hardened-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Hardened-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Server-5-0
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Server-5-0-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Micro-5-5
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Micro-5-5-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Micro-5-5-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Micro-5-5-BYOS-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Micro-5-5-BYOS-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Micro-5-5-BYOS-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Micro-5-5-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-Micro-5-5-GCE
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-Azure-3P
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-Azure-LI-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-Azure-VLI-BYOS
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-BYOS-Azure
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-BYOS-EC2
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-BYOS-GCE
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-Hardened-Azure
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAP-Hardened-GCE
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAPCAL-Azure
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAPCAL-EC2
libgnutls30-3.7.3-150400.4.41.3
Image SLES15-SP5-SAPCAL-GCE
libgnutls30-3.7.3-150400.4.41.3
SUSE Linux Enterprise Micro 5.4
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
libgnutls30-hmac-3.7.3-150400.4.41.3
SUSE Linux Enterprise Micro 5.5
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
libgnutls30-hmac-3.7.3-150400.4.41.3
SUSE Linux Enterprise Module for Basesystem 15 SP5
gnutls-3.7.3-150400.4.41.3
libgnutls-devel-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
libgnutls30-32bit-3.7.3-150400.4.41.3
libgnutls30-hmac-3.7.3-150400.4.41.3
libgnutls30-hmac-32bit-3.7.3-150400.4.41.3
libgnutlsxx-devel-3.7.3-150400.4.41.3
libgnutlsxx28-3.7.3-150400.4.41.3
openSUSE Leap 15.5
gnutls-3.7.3-150400.4.41.3
gnutls-guile-3.7.3-150400.4.41.3
libgnutls-devel-3.7.3-150400.4.41.3
libgnutls-devel-32bit-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
libgnutls30-32bit-3.7.3-150400.4.41.3
libgnutls30-hmac-3.7.3-150400.4.41.3
libgnutls30-hmac-32bit-3.7.3-150400.4.41.3
libgnutlsxx-devel-3.7.3-150400.4.41.3
libgnutlsxx28-3.7.3-150400.4.41.3
openSUSE Leap Micro 5.4
gnutls-3.7.3-150400.4.41.3
libgnutls30-3.7.3-150400.4.41.3
libgnutls30-hmac-3.7.3-150400.4.41.3
Ссылки
- Link for SUSE-SU-2024:0638-1
- E-Mail link for SUSE-SU-2024:0638-1
- SUSE Security Ratings
- SUSE Bug 1218862
- SUSE Bug 1218865
- SUSE CVE CVE-2024-0553 page
- SUSE CVE CVE-2024-0567 page
Описание
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Затронутые продукты
Container bci/php-apache:latest:libgnutls30-3.7.3-150400.4.41.3
Container bci/php-apache:latest:libgnutls30-hmac-3.7.3-150400.4.41.3
Container bci/php-fpm:latest:libgnutls30-3.7.3-150400.4.41.3
Container bci/php-fpm:latest:libgnutls30-hmac-3.7.3-150400.4.41.3
Ссылки
- CVE-2024-0553
- SUSE Bug 1218865
Описание
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Затронутые продукты
Container bci/php-apache:latest:libgnutls30-3.7.3-150400.4.41.3
Container bci/php-apache:latest:libgnutls30-hmac-3.7.3-150400.4.41.3
Container bci/php-fpm:latest:libgnutls30-3.7.3-150400.4.41.3
Container bci/php-fpm:latest:libgnutls30-hmac-3.7.3-150400.4.41.3
Ссылки
- CVE-2024-0567
- SUSE Bug 1218862