Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

openSUSE 15.4 Moderate: 2024:0638-1 GnuTLS Timing Attack Fix

opensuse
Calendar Grey February 27, 2024
Dist Opensuse Esm H88
Important gnutls patch for openSUSE enhancing certificate verification and RSA-PSK security protocols. Apply suggested updates promptly.
This update for gnutls fixes the following issues: CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862).

Description

This update for gnutls fixes the following issues:

* CVE-2024-0567: Fixed an incorrect rejection of certificate chains with

distributed trust (bsc#1218862).

* CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which

could lead to the leakage of sensitive data (bsc#1218865).

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4

zypper in -t patch SUSE-2024-638=1

* openSUSE Leap Micro 5.4

zypper in -t patch openSUSE-Leap-Micro-5.4-2024-638=1

* openSUSE Leap 15.5

zypper in -t patch openSUSE-SLE-15.5-2024-638=1

* SUSE Linux Enterprise Micro for Rancher 5.4

zypper in -t patch SUSE-SLE-Micro-5.4-2024-638=1

* SUSE Linux Enterprise Micro 5.4

zypper in -t patch SUSE-SLE-Micro-5.4-2024-638=1

* SUSE Linux Enterprise Micro 5.5

zypper in -t patch SUSE-SLE-Micro-5.5-2024-638=1

* Basesystem Module 15-SP5

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-638=1

Package List

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)

* gnutls-debuginfo-3.7.3-150400.4.41.3

* gnutls-guile-debuginfo-3.7.3-150400.4.41.3

* libgnutls30-debuginfo-3.7.3-150400.4.41.3

* libgnutlsxx-devel-3.7.3-150400.4.41.3

* libgnutls30-3.7.3-150400.4.41.3

* gnutls-debugsource-3.7.3-150400.4.41.3

* gnutls-guile-3.7.3-150400.4.41.3

* libgnutls-devel-3.7.3-150400.4.41.3

* libgnutlsxx28-3.7.3-150400.4.41.3

* gnutls-3.7.3-150400.4.41.3

* libgnutlsxx28-debuginfo-3.7.3-150400.4.41.3

* libgnutls30-hmac-3.7.3-150400.4.41.3

* openSUSE Leap 15.4 (x86_64)

* libgnutls30-hmac-32bit-3.7.3-150400.4.41.3

* libgnutls30-32bit-debuginfo-3.7.3-150400.4.41.3

* libgnutls-devel-32bit-3.7.3-150400.4.41.3

* libgnutls30-32bit-3.7.3-150400.4.41.3

* openSUSE Leap 15.4 (aarch64_ilp32)

* libgnutls30-64bit-debuginfo-3.7.3-150400.4.41.3

* libgnutls30-hmac-64bit-3.7.3-150400.4.41.3

* libgnutls-devel-64bit-3.7.3-150400.4.41.3

* libgnutls30-64bit-3.7.3-150400.4.41.3

* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)

*...

Read the Full Advisory

References

* bsc#1218862

* bsc#1218865

## References:

* https://www.suse.com/security/cve/CVE-2024-0553.html

* https://www.suse.com/security/cve/CVE-2024-0567.html

* https://bugzilla.suse.com/show_bug.cgi?id=1218862

* https://bugzilla.suse.com/show_bug.cgi?id=1218865

Announcement ID: SUSE-SU-2024:0638-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.