ALSA-2024:1784

Source

https://errata.almalinux.org/8/ALSA-2024-1784.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:1784.json

Related

CVE-2024-28834

Published

2024-04-11T00:00:00Z

Modified

2024-04-12T11:48:24Z

Summary

Moderate: gnutls security update

Details

The gnutls package provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

This package update fixes a timing side-channel in deterministic ECDSA.

Security Fix(es):

gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / gnutls

Package

Name: gnutls

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.16-8.el8_9.3

AlmaLinux:8 / gnutls-c++

Package

Name: gnutls-c++

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.16-8.el8_9.3

AlmaLinux:8 / gnutls-dane

Package

Name: gnutls-dane

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.16-8.el8_9.3

AlmaLinux:8 / gnutls-devel

Package

Name: gnutls-devel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.16-8.el8_9.3

AlmaLinux:8 / gnutls-utils

Package

Name: gnutls-utils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.16-8.el8_9.3