Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -8 articles for you...
98
security advisoryRed Hatbug fixRed Hat Enterprise Linux 8 RHSA-2023:1569-01 Moderate GnuTLS Timing Threat
An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: gnutls security and bug fix update Advisory ID: RHSA-2023:1569-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1569 Issue date: 2023-04-04 CVE Names: CVE-2023-0361 ==================================================================== 1. Summary: An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: timing side-channel in the TLS RSA key exchange code (CVE-2023-0361) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * trap invalid opcode ip:7feef81809fe sp:7fee997419c0 error:0 in libgnutls.so.30.28.2[7feef8040000+1dd000] (BZ#2131152) 4. Solution: For details on how to apply this update, which includes the changes described inthis advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2131152 - trap invalid opcode ip:7feef81809fe sp:7fee997419c0 error:0 in libgnutls.so.30.28.2[7feef8040000+1dd000] [rhel-8.7.0.z] 2162596 - CVE-2023-0361 gnutls: timing side-channel in the TLS RSA key exchange code 6. Package List: Red Hat Enterprise Linux AppStream (v.8): aarch64: gnutls-c++-3.6.16-6.el8_7.aarch64.rpm gnutls-c++-debuginfo-3.6.16-6.el8_7.aarch64.rpm gnutls-dane-3.6.16-6.el8_7.aarch64.rpm gnutls-dane-debuginfo-3.6.16-6.el8_7.aarch64.rpm gnutls-debuginfo-3.6.16-6.el8_7.aarch64.rpm gnutls-debugsource-3.6.16-6.el8_7.aarch64.rpm gnutls-devel-3.6.16-6.el8_7.aarch64.rpm gnutls-utils-3.6.16-6.el8_7.aarch64.rpm gnutls-utils-debuginfo-3.6.16-6.el8_7.aarch64.rpm ppc64le: gnutls-c++-3.6.16-6.el8_7.ppc64le.rpm gnutls-c++-debuginfo-3.6.16-6.el8_7.ppc64le.rpm gnutls-dane-3.6.16-6.el8_7.ppc64le.rpm gnutls-dane-debuginfo-3.6.16-6.el8_7.ppc64le.rpm gnutls-debuginfo-3.6.16-6.el8_7.ppc64le.rpm gnutls-debugsource-3.6.16-6.el8_7.ppc64le.rpm gnutls-devel-3.6.16-6.el8_7.ppc64le.rpm gnutls-utils-3.6.16-6.el8_7.ppc64le.rpm gnutls-utils-debuginfo-3.6.16-6.el8_7.ppc64le.rpm s390x: gnutls-c++-3.6.16-6.el8_7.s390x.rpm gnutls-c++-debuginfo-3.6.16-6.el8_7.s390x.rpm gnutls-dane-3.6.16-6.el8_7.s390x.rpm gnutls-dane-debuginfo-3.6.16-6.el8_7.s390x.rpm gnutls-debuginfo-3.6.16-6.el8_7.s390x.rpm gnutls-debugsource-3.6.16-6.el8_7.s390x.rpm gnutls-devel-3.6.16-6.el8_7.s390x.rpm gnutls-utils-3.6.16-6.el8_7.s390x.rpm gnutls-utils-debuginfo-3.6.16-6.el8_7.s390x.rpm x86_64: gnutls-c++-3.6.16-6.el8_7.i686.rpm gnutls-c++-3.6.16-6.el8_7.x86_64.rpm gnutls-c++-debuginfo-3.6.16-6.el8_7.i686.rpm gnutls-c++-debuginfo-3.6.16-6.el8_7.x86_64.rpm gnutls-dane-3.6.16-6.el8_7.i686.rpm gnutls-dane-3.6.16-6.el8_7.x86_64.rpm gnutls-dane-debuginfo-3.6.16-6.el8_7.i686.rpm gnutls-dane-debuginfo-3.6.16-6.el8_7.x86_64.rpm gnutls-debuginfo-3.6.16-6.el8_7.i686.rpm gnutls-debuginfo-3.6.16-6.el8_7.x86_64.rpm gnutls-debugsource-3.6.16-6.el8_7.i686.rpm gnutls-debugsource-3.6.16-6.el8_7.x86_64.rpm gnutls-devel-3.6.16-6.el8_7.i686.rpm gnutls-devel-3.6.16-6.el8_7.x86_64.rpm gnutls-utils-3.6.16-6.el8_7.x86_64.rpm gnutls-utils-debuginfo-3.6.16-6.el8_7.i686.rpm gnutls-utils-debuginfo-3.6.16-6.el8_7.x86_64.rpm Red Hat Enterprise Linux BaseOS (v.8): Source: gnutls-3.6.16-6.el8_7.src.rpm aarch64: gnutls-3.6.16-6.el8_7.aarch64.rpm gnutls-c++-debuginfo-3.6.16-6.el8_7.aarch64.rpm gnutls-dane-debuginfo-3.6.16-6.el8_7.aarch64.rpm gnutls-debuginfo-3.6.16-6.el8_7.aarch64.rpm gnutls-debugsource-3.6.16-6.el8_7.aarch64.rpm gnutls-utils-debuginfo-3.6.16-6.el8_7.aarch64.rpm ppc64le: gnutls-3.6.16-6.el8_7.ppc64le.rpm gnutls-c++-debuginfo-3.6.16-6.el8_7.ppc64le.rpm gnutls-dane-debuginfo-3.6.16-6.el8_7.ppc64le.rpm gnutls-debuginfo-3.6.16-6.el8_7.ppc64le.rpm gnutls-debugsource-3.6.16-6.el8_7.ppc64le.rpm gnutls-utils-debuginfo-3.6.16-6.el8_7.ppc64le.rpm s390x: gnutls-3.6.16-6.el8_7.s390x.rpm gnutls-c++-debuginfo-3.6.16-6.el8_7.s390x.rpm gnutls-dane-debuginfo-3.6.16-6.el8_7.s390x.rpm gnutls-debuginfo-3.6.16-6.el8_7.s390x.rpm gnutls-debugsource-3.6.16-6.el8_7.s390x.rpm gnutls-utils-debuginfo-3.6.16-6.el8_7.s390x.rpm x86_64: gnutls-3.6.16-6.el8_7.i686.rpm gnutls-3.6.16-6.el8_7.x86_64.rpm gnutls-c++-debuginfo-3.6.16-6.el8_7.i686.rpm gnutls-c++-debuginfo-3.6.16-6.el8_7.x86_64.rpm gnutls-dane-debuginfo-3.6.16-6.el8_7.i686.rpm gnutls-dane-debuginfo-3.6.16-6.el8_7.x86_64.rpm gnutls-debuginfo-3.6.16-6.el8_7.i686.rpm gnutls-debuginfo-3.6.16-6.el8_7.x86_64.rpm gnutls-debugsource-3.6.16-6.el8_7.i686.rpm gnutls-debugsource-3.6.16-6.el8_7.x86_64.rpm gnutls-utils-debuginfo-3.6.16-6.el8_7.i686.rpm gnutls-utils-debuginfo-3.6.16-6.el8_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZCw/CdzjgjWX9erEAQh8bw//c2RrVxICqyU1/HGUNrXcXmVu2NC2GE9I oQJUF+IcHrjKmHjKICM1TELxcXtvqjVT5/Sl9MaP88mWYd1Z8nal1o4RnItBJlhh PZlcuw+RhIF+6nlNeXWspj2bpuAp6zLEHVwSbzBbX/KgtTR0tVNFx86HmPTzJN3f SWGGB1WM6uwj5c8ASOvOwAvcedAHp8SEIvgjXAV/c4rulHfPMpporMvngIP/uU6U X4RgdoSJAEzKQC3fTo6zDSTeFpdi9LGidCzUc/of8qqMifj9tBEWqoqoD4+o3Ujo f5KztzN6SxAdORRDsWpzWhwQvb7nHAbs1fnz7edt60zWPIobjSFgCdI3bB8HDd/G b+6K8uPv+/6Kw6AIvLlEp890hVrVBENhJQkVJrrGrgbmpk4en21wNKEGWJXb3sbI KKRREy9IEZeI45E6yE7lGo0xqnxzStmL+6iTCy5oP1RiyCYuhpRkYqvW1EGTn8wB ZTk+Hk2YytLPJ1SjgIHK4iUL+VUhzQ2G77z1+C1BqKRuypwR02uOarsE1s4Ls5bR 6Ohy9jDrFXjVQtAcBYfipJ2a5xelgbFG1udOreDTYnSj6U7X9Kz4p6QY2fJ3aVVz Z4T2rqYdl37bHanPPDsvUeRXoVCgkdzKDFsCankPLIs/qN8aok7O8wVJvs9MMWiY 701/4EOFJEQ=q5ts -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 04, 2023
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!