Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Ubuntu 23.10 USN-6593-1 Critical: GnuTLS Timing Attack & Denial of Service

ubuntu
Calendar Grey January 22, 2024
Dist Ubuntu Esm H88
Critical updates for GnuTLS address timing attacks and DoS issues in Ubuntu 23.10 and earlier versions.
Several security issues were fixed in GnuTLS.

Summary

Several security issues were fixed in GnuTLS.

Software Description:

- gnutls28: GNU TLS library

Details:

It was discovered that GnuTLS had a timing side-channel when processing

malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could

possibly use this issue to recover sensitive information. (CVE-2024-0553)

It was discovered that GnuTLS incorrectly handled certain certificate

chains with a cross-signing loop. A remote attacker could possibly use this

issue to cause GnuTLS to crash, resulting in a denial of service. This

issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.

(CVE-2024-0567)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   libgnutls30                     3.8.1-4ubuntu1.2

Ubuntu 23.04:
   libgnutls30                     3.7.8-5ubuntu1.2

Ubuntu 22.04 LTS:
   libgnutls30                     3.7.3-4ubuntu1.4

Ubuntu 20.04 LTS:
   libgnutls30                     3.6.13-2ubuntu1.10

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6593-1

CVE-2024-0553, CVE-2024-0567

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6593-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.