ALSA-2024:1784

[ALSA-2024:1784] Moderate: gnutls security update

Type:

security

Severity:

moderate

Release date:

2024-04-12

Description:

The gnutls package provide the GNU Transport Layer Security (GnuTLS) library,
which implements cryptographic algorithms and protocols such as SSL, TLS, and
DTLS.

This package update fixes a timing side-channel in deterministic ECDSA.

Security Fix(es):

* gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	gnutls-dane-3.6.16-8.el8_9.3.aarch64.rpm	0601ee7533cadb7381ab26a943c04e1640de7b295212febfe1a9c2156724a3d3
aarch64	gnutls-c++-3.6.16-8.el8_9.3.aarch64.rpm	1a50ef56a64a1c4f5d7567b4d678a0df00ad603ae64a35a8431f04133deb3379
aarch64	gnutls-utils-3.6.16-8.el8_9.3.aarch64.rpm	2a4c2d8f3cee30966ba801ecfd242720ed63339121182c8df618d49d16b8145c
aarch64	gnutls-devel-3.6.16-8.el8_9.3.aarch64.rpm	72651d081c8a48853aa101e6db36870dba8cc39252f918d6d85ceecf75108077
aarch64	gnutls-3.6.16-8.el8_9.3.aarch64.rpm	9fc60b98e461e4e2d5dd0d469cefb0d4dd0bde5173fde21db7e31f250679eace
i686	gnutls-3.6.16-8.el8_9.3.i686.rpm	45e8ec78985b445728fe434112df3f4d0ec9a312da12e05b86f3169d9ecc4393
i686	gnutls-devel-3.6.16-8.el8_9.3.i686.rpm	46acafa2120951e71650164215476fb26d685ad60db8add0b0e4272542b3ff81
i686	gnutls-c++-3.6.16-8.el8_9.3.i686.rpm	8f2f6213bdb0e35d2b3386453e69022f000a672ab1a372bc244b98e0f1803b01
i686	gnutls-dane-3.6.16-8.el8_9.3.i686.rpm	cf0eb99575634316be62aac40dd2949df896d41e977a95cca7e744dd048e6942
ppc64le	gnutls-c++-3.6.16-8.el8_9.3.ppc64le.rpm	08df7fb2174348bf17a07e3dd56d29a2911018f586ac68f9ad468006d4acb158
ppc64le	gnutls-dane-3.6.16-8.el8_9.3.ppc64le.rpm	5293c61bc0fad67780e025ce249479eea7130d34941c63adf3395ab9d1cf8bad
ppc64le	gnutls-devel-3.6.16-8.el8_9.3.ppc64le.rpm	60cfea3cb8e33acfef1dc66519f120922388cfeda9bf780a0017ad079efc86f4
ppc64le	gnutls-utils-3.6.16-8.el8_9.3.ppc64le.rpm	e3129a4d6748ece3407e4110ffc3ac66e48fa318aa6df242188234651e83883f
ppc64le	gnutls-3.6.16-8.el8_9.3.ppc64le.rpm	e51f3b7034b76ef45bee464f447de1d33ca087439aa17dfabd00749147396bdf
s390x	gnutls-devel-3.6.16-8.el8_9.3.s390x.rpm	4aa9f5484312c7d0abfc207880f851e2d834531ce170797c4159b703dc1e259b
s390x	gnutls-3.6.16-8.el8_9.3.s390x.rpm	4dfc9c1c09440f27d58869487072a5e2feb123665a0c2f2f02053fcb6d6caf1b
s390x	gnutls-utils-3.6.16-8.el8_9.3.s390x.rpm	845328170260b9684040eadc65c5658479551bad2a17e730270e6eb8dd83a46c
s390x	gnutls-dane-3.6.16-8.el8_9.3.s390x.rpm	abeeee38436479824de9ba8be8b99d3d1f51147cdd426a865775afa5c3a960fa
s390x	gnutls-c++-3.6.16-8.el8_9.3.s390x.rpm	c3879e26eeeb80b5aa5469c3f543c2f299121fdb574d15a0f178aab55ed6bbad
x86_64	gnutls-dane-3.6.16-8.el8_9.3.x86_64.rpm	49ab1967e691dc4cc4f08a92f49c815108dc5480141b6c9bcbc93d85e97af727
x86_64	gnutls-c++-3.6.16-8.el8_9.3.x86_64.rpm	7e4595c2159592b850f320046b112dd707cc567cc8824b24ec2efd673e34f74b
x86_64	gnutls-3.6.16-8.el8_9.3.x86_64.rpm	8684f5d4dbfdbdb52df576d216a6c7a3585d2b92b22d6e210a9206a776be3a61
x86_64	gnutls-devel-3.6.16-8.el8_9.3.x86_64.rpm	9a4be02ad0f21a9759988b48e1a255f2880151d3e11c573769aada1fd353f21c
x86_64	gnutls-utils-3.6.16-8.el8_9.3.x86_64.rpm	c84778824f00a01fbd0c12e54e9bec6871636a8b45cb453832939709bbf03009

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.