CLSA-2024-1707419801

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1707419801.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2024-1707419801

Upstream

CVE-2023-5981

Published

2024-02-08T19:16:44Z

Modified

2026-06-04T09:47:23.529446053Z

Summary

Fix CVE(s): CVE-2023-5981

Details

SECURITY UPDATE: timing side-channel in the RSA-PSK ClientKeyExchange
- debian/patches/nettle-pk-randomness-level.patch: (nettle/pk) use the appropriate level of randomness for each operation.
- debian/patches/pk-gnutlsswitchlibstate.patch: (pk) always use gnutlsswitchlibstate.
- debian/patches/constant-time-cache-pkcs-1-rsa-decryption.patch: Constant time/cache PKCS#1 RSA decryption.
- debian/patches/auth-rsapsk-side-channel.patch: (auth/rsapsk) side-step potential side-channel.
- debian/libgnutls30.symbols: add gnutlsprivkeydecrypt_data2.
- CVE-2023-5981

References

https://errata.cloudlinux.com/ubuntu18-els/CLSA-2024-1707419801.html

Affected packages

TuxCare:Ubuntu:18.04

gnutls-bin

Package

Name: gnutls-bin
Purl: pkg:deb/tuxcare/gnutls-bin?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.18-1ubuntu1.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1707419801.json"

gnutls-doc

Package

Name: gnutls-doc
Purl: pkg:deb/tuxcare/gnutls-doc?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.18-1ubuntu1.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1707419801.json"

libgnutls-dane0

Package

Name: libgnutls-dane0
Purl: pkg:deb/tuxcare/libgnutls-dane0?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.18-1ubuntu1.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1707419801.json"

libgnutls-openssl27

Package

Name: libgnutls-openssl27
Purl: pkg:deb/tuxcare/libgnutls-openssl27?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.18-1ubuntu1.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1707419801.json"

libgnutls28-dev

Package

Name: libgnutls28-dev
Purl: pkg:deb/tuxcare/libgnutls28-dev?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.18-1ubuntu1.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1707419801.json"

libgnutls30

Package

Name: libgnutls30
Purl: pkg:deb/tuxcare/libgnutls30?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.18-1ubuntu1.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1707419801.json"

libgnutlsxx28

Package

Name: libgnutlsxx28
Purl: pkg:deb/tuxcare/libgnutlsxx28?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.18-1ubuntu1.6+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1707419801.json"