mageia | Gentoo Foundation | MGASA-2024-0036
Feb 15, 2024 - 2:02 a.m.

Updated quictls packages fix security vulnerabilities

2024-02-15 02:02:34
Gentoo Foundation
advisories.mageia.org
quictls
security vulnerabilities
dh check
poly1305 mac
rsa public keys
pkcs12 decoding
cve-2023-5678
cve-2023-6129
cve-2023-6237
cve-2024-0727
unix

CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score: 7.4 High (Confidence: Low)

EPSS: 0.002 Low (Percentile: 61.3%)

The updated packages fix security vulnerabilities:

Excessive time spent in DH check / generation with large Q parameter value. (CVE-2023-5678)

POLY1305 MAC implementation corrupts vector registers on PowerPC. (CVE-2023-6129)

Excessive time spent checking invalid RSA public keys. (CVE-2023-6237)

PKCS12 Decoding crashes. (CVE-2024-0727)

OS | Version | Architecture | Package | Version | Filename
Mageia | 9 | noarch | quictls | < 3.0.12-1.1 | quictls-3.0.12-1.1.mga9
