Lucene search

K

Gentoo FoundationMGASA-2024-0008

HistoryJan 15, 2024 - 1:23 a.m.

Updated gnutls packages fix a security vulnerability

2024-01-1501:23:43

Gentoo Foundation

advisories.mageia.org

14

gnutls

security vulnerability

rsa-psk

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

42.3%

The updated packages fix a security vulnerability: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. (CVE-2023-5981)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchgnutls< 3.8.0-2.1gnutls-3.8.0-2.1.mga9

References

bugs.mageia.org/show_bug.cgi?id=32547

gnutls.org/security-new.html#GNUTLS-SA-2023-10-23

www.openwall.com/lists/oss-security/2023/11/20/2

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

42.3%

Related for MGASA-2024-0008

nessus58 redhatcve2 debian2 redos1 osv10 openvas27 nvd2 debiancve2 veracode1 rocky2 oraclelinux3 alpinelinux2 prion2 cvelist2 cve2 almalinux3 cloudfoundry1 ubuntu2 redhat33 ubuntucve2 photon3 f51 mageia1 fedora2 ibm5 hp2 ics1