SUSE-SU-2024:1179-1

This update for gnutls fixes the following issues:

Security issues fixed:

• CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).
• CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).
• CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862).
• CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865).

FIPS 140-3 certification related bugs fixed:

• FIPS: Set error state when jent init failed in FIPS mode (bsc#1202146)
• FIPS: Make XTS key check failure not fatal (bsc#1203779)
• FIPS: Added GnuTLS DH/ECDH pairwise consistency check for public key regeneration [bsc#1207183]
• FIPS: Change all the 140-2 references to FIPS 140-3 in order to account for the new FIPS certification [bsc#1207346]
• FIPS: Make the jitterentropy calls thread-safe (bsc#1208146).
• FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183).
• FIPS: Fix pct_test() return code in case of error (bsc#1207183)

• FIPS: Establish PBKDF2 additional requirements [bsc#1209001]

  • Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
  • Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
  • Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
  • Set the minimum passlen of 20 characters (SP SP800-132 sec 5)
  • Add regression tests for the new PBKDF2 requirements.

Other issues fixed:

• Fix AVX CPU feature detection for OSXSAVE (bsc#1203299) This fixes a SIGILL termination at the verzoupper instruction when trying to run GnuTLS on a Linux kernel with the noxsave command line parameter set. Relevant mostly for virtual systems.
• Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562]