CLSA-2024-1734368297

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2024-1734368297.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2024-1734368297

Upstream

CVE-2023-5981

CVE-2024-0553

CVE-2024-0567

Published

2024-12-16T16:58:23Z

Modified

2026-06-01T00:32:56.683760204Z

Summary

gnutls: Fix of 3 CVEs

Details

Keep the broken pkcs11 tests disabled.
Added CVE-2024-0567 PoC test.
CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers.
CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side channel attacks.
CVE-2023-5981: removes branching that depends on secret data to prevent potential side-channel attack.
CVE-2024-0553: minimize branching after decryption.

References

https://errata.tuxcare.com/oraclelinux7-els/CLSA-2024-1734368297.html

Affected packages

TuxCare:OracleLinux:7

gnutls

Package

Name: gnutls
Purl: pkg:rpm/tuxcare/gnutls?distro=oraclelinux-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.29-9.el7_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2024-1734368297.json"

gnutls-c++

Package

Name: gnutls-c++
Purl: pkg:rpm/tuxcare/gnutls-c++?distro=oraclelinux-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.29-9.el7_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2024-1734368297.json"

gnutls-dane

Package

Name: gnutls-dane
Purl: pkg:rpm/tuxcare/gnutls-dane?distro=oraclelinux-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.29-9.el7_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2024-1734368297.json"

gnutls-devel

Package

Name: gnutls-devel
Purl: pkg:rpm/tuxcare/gnutls-devel?distro=oraclelinux-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.29-9.el7_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2024-1734368297.json"

gnutls-utils

Package

Name: gnutls-utils
Purl: pkg:rpm/tuxcare/gnutls-utils?distro=oraclelinux-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.29-9.el7_6.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2024-1734368297.json"