Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2024-0089)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2024.0089

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2024-0089)

Resumen: The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2024-0089 advisory.

Descripción: Summary:
The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2024-0089 advisory.

Vulnerability Insight:
The Minerva attack is a cryptographic vulnerability that exploits
deterministic behavior in systems like GnuTLS, leading to side-channel
leaks. In specific scenarios, such as when using the
GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable
step in nonce size from 513 to 512 bits, exposing a potential timing
side-channel. (CVE-2024-28834)
A flaw has been discovered in GnuTLS where an application crash can be
induced when attempting to verify a specially crafted .pem bundle using
the 'certtool --verify-chain' command. (CVE-2024-28835)

Affected Software/OS:
'gnutls' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:N/AC:H/Au:S/C:C/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-28834
RHBZ#2269228
https://bugzilla.redhat.com/show_bug.cgi?id=2269228
RHSA-2024:1784
https://access.redhat.com/errata/RHSA-2024:1784
RHSA-2024:1879
https://access.redhat.com/errata/RHSA-2024:1879
RHSA-2024:1997
https://access.redhat.com/errata/RHSA-2024:1997
RHSA-2024:2044
https://access.redhat.com/errata/RHSA-2024:2044
RHSA-2024:2570
https://access.redhat.com/errata/RHSA-2024:2570
RHSA-2024:2889
https://access.redhat.com/errata/RHSA-2024:2889
http://www.openwall.com/lists/oss-security/2024/03/22/1
http://www.openwall.com/lists/oss-security/2024/03/22/2
https://access.redhat.com/security/cve/CVE-2024-28834
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
https://minerva.crocs.fi.muni.cz/
https://people.redhat.com/~hkario/marvin/
Common Vulnerability Exposure (CVE) ID: CVE-2024-28835
RHBZ#2269084
https://bugzilla.redhat.com/show_bug.cgi?id=2269084
https://access.redhat.com/security/cve/CVE-2024-28835

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2024.0089
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2024-0089)
Resumen:	The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2024-0089 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2024-0089 advisory. Vulnerability Insight: The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. (CVE-2024-28834) A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the 'certtool --verify-chain' command. (CVE-2024-28835) Affected Software/OS: 'gnutls' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:N/AC:H/Au:S/C:C/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-28834 RHBZ#2269228 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 RHSA-2024:1784 https://access.redhat.com/errata/RHSA-2024:1784 RHSA-2024:1879 https://access.redhat.com/errata/RHSA-2024:1879 RHSA-2024:1997 https://access.redhat.com/errata/RHSA-2024:1997 RHSA-2024:2044 https://access.redhat.com/errata/RHSA-2024:2044 RHSA-2024:2570 https://access.redhat.com/errata/RHSA-2024:2570 RHSA-2024:2889 https://access.redhat.com/errata/RHSA-2024:2889 http://www.openwall.com/lists/oss-security/2024/03/22/1 http://www.openwall.com/lists/oss-security/2024/03/22/2 https://access.redhat.com/security/cve/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://people.redhat.com/~hkario/marvin/ Common Vulnerability Exposure (CVE) ID: CVE-2024-28835 RHBZ#2269084 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://access.redhat.com/security/cve/CVE-2024-28835
Copyright	Copyright (C) 2024 Greenbone AG