Все бюллетени/sisyphus_loongarch64/ALT-PU-2024-4720-1
ALT-PU-2024-4720-1

Обновление пакета gnutls30 в ветке sisyphus_loongarch64

Версия3.8.4-alt1
Задание#0
Опубликовано2024-03-28
Макс. серьёзностьMEDIUM
Серьёзность:

Закрытые проблемы (2)

CVE-2024-28834
MEDIUM5.3

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

Опубликовано: 2024-03-21Изменено: 2026-04-15
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Ссылки
CVE-2024-28835
MEDIUM5.0

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

Опубликовано: 2024-03-21Изменено: 2026-04-15
CVSS 3.xСРЕДНЯЯ 5.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Ссылки