ALSA-2023:1569

Source
https://errata.almalinux.org/8/ALSA-2023-1569.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:1569.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2023:1569
Related
Published
2023-04-04T00:00:00Z
Modified
2023-04-05T12:14:32Z
Summary
Moderate: gnutls security and bug fix update
Details

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

  • gnutls: timing side-channel in the TLS RSA key exchange code (CVE-2023-0361)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • trap invalid opcode ip:7feef81809fe sp:7fee997419c0 error:0 in libgnutls.so.30.28.2[7feef8040000+1dd000] (BZ#2131152)
References

Affected packages

AlmaLinux:8 / gnutls

Package

Name
gnutls

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.16-6.el8_7

AlmaLinux:8 / gnutls-c++

Package

Name
gnutls-c++

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.16-6.el8_7

AlmaLinux:8 / gnutls-dane

Package

Name
gnutls-dane

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.16-6.el8_7

AlmaLinux:8 / gnutls-devel

Package

Name
gnutls-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.16-6.el8_7

AlmaLinux:8 / gnutls-utils

Package

Name
gnutls-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.16-6.el8_7