Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE 2024:0638-1 Moderate: GnuTLS Timing Attack and Certificate Trust Fixes

suse
Calendar Grey February 27, 2024
Dist Suse Esm H88
An essential patch for openssl resolves three major vulnerabilities, guaranteeing network safety and user privacy.
* bsc#1218862 * bsc#1218865 Cross-References: * CVE-2024-0553

Summary

## This update for gnutls fixes the following issues: * CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862). * CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-638=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2024-638=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-638=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-638=1

Topics%20covered

Topics Covered

security advisory moderate timing attack suse gnutls openSUSE certificate trust

References

* bsc#1218862

* bsc#1218865

Cross-

* CVE-2024-0553

* CVE-2024-0567

CVSS scores:

* CVE-2024-0553 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-0553 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-0567 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-0567 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5

* openSUSE Leap 15.4

* openSUSE Leap 15.5

* openSUSE Leap Micro 5.4

* SUSE Linux Enterprise Desktop 15 SP5

* SUSE Linux Enterprise High Performance Computing 15 SP5

* SUSE Linux Enterprise Micro 5.4

* SUSE Linux Enterprise Micro 5.5

* SUSE Linux Enterprise Micro for Rancher 5.4

* SUSE Linux Enterprise Real Time 15 SP5

* SUSE Linux Enterprise Server 15 SP5

Announcement ID: SUSE-SU-2024:0638-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate timing attack suse gnutls openSUSE certificate trust

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here