SUSE: 2024:1179-1 Important: GnuTLS Timing Attack Security Update

suse

April 9, 2024

* bsc#1202146 * bsc#1203299 * bsc#1203779 * bsc#1207183 * bsc#1207346

Summary

## This update for gnutls fixes the following issues: Security issues fixed: * CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). * CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). * CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862). * CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865). FIPS 140-3 certification related bugs fixed: * FIPS: Set error state when jent init failed in FIPS mode (bsc#1202146) * FIPS: Make XTS key check failure not fatal (bsc#1203779) * FIPS: Added GnuTLS DH/ECDH pairwise consistency check for public key regeneration [bsc#1207183]

Topics Covered

security advisory security issue timing attack SUSE important fix GnuTLS Linux Micro

References

* bsc#1202146

* bsc#1203299

* bsc#1203779

* bsc#1207183

* bsc#1207346

* bsc#1208143

* bsc#1208146

* bsc#1208237

* bsc#1209001

* bsc#1217277

* bsc#1218862

* bsc#1218865

* jsc#PED-1562

Cross-

* CVE-2023-0361

* CVE-2023-5981

* CVE-2024-0553

* CVE-2024-0567

CVSS scores:

* CVE-2023-0361 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-0361 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2023-5981 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-5981 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-0553 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-0553 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2024:1179-1

Rating: important

Topics Covered

security advisory security issue timing attack SUSE important fix GnuTLS Linux Micro

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2024:1179-1 Important: GnuTLS Timing Attack Security Update

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2024:1179-1 Important: GnuTLS Timing Attack Security Update

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!