RLSA-2024:1784

See a problem?

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2024:1784.json

JSON Data

https://api.osv.dev/v1/vulns/RLSA-2024:1784

Related

CVE-2024-28834

Published

2024-05-06T13:04:07.180395Z

Modified

2024-05-06T13:06:52.194232Z

Summary

Moderate: gnutls security update

Details

The gnutls package provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

This package update fixes a timing side-channel in deterministic ECDSA.

Security Fix(es):

gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://errata.rockylinux.org/RLSA-2024:1784

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:8 / gnutls

Package

Name: gnutls
Purl: pkg:rpm/rocky-linux/gnutls?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.6.16-8.el8_9.3