ALT-PU-2023-7523-2
Closed vulnerabilities
Published: 2023-11-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Severity: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- http://www.openwall.com/lists/oss-security/2024/01/19/3
- RHSA-2024:0155
- RHSA-2024:0155
- RHSA-2024:0319
- RHSA-2024:0319
- RHSA-2024:0399
- RHSA-2024:0399
- RHSA-2024:0451
- RHSA-2024:0451
- RHSA-2024:0533
- RHSA-2024:0533
- RHSA-2024:1383
- RHSA-2024:1383
- RHSA-2024:2094
- RHSA-2024:2094
- https://access.redhat.com/security/cve/CVE-2023-5981
- https://access.redhat.com/security/cve/CVE-2023-5981
- RHBZ#2248445
- RHBZ#2248445
- https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
- https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
Closed bugs
CVE-2023-5981 для закрытия необходимо обновление до версии 3.8.2