ALSA-2024:1784

Source
https://errata.almalinux.org/8/ALSA-2024-1784.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:1784.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2024:1784
Related
Published
2024-04-11T00:00:00Z
Modified
2024-04-12T11:48:24Z
Summary
Moderate: gnutls security update
Details

The gnutls package provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

This package update fixes a timing side-channel in deterministic ECDSA.

Security Fix(es):

  • gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / gnutls

Package

Name
gnutls

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.16-8.el8_9.3

AlmaLinux:8 / gnutls-c++

Package

Name
gnutls-c++

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.16-8.el8_9.3

AlmaLinux:8 / gnutls-dane

Package

Name
gnutls-dane

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.16-8.el8_9.3

AlmaLinux:8 / gnutls-devel

Package

Name
gnutls-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.16-8.el8_9.3

AlmaLinux:8 / gnutls-utils

Package

Name
gnutls-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.16-8.el8_9.3