Advisories » MGASA-2024-0008

Updated gnutls packages fix a security vulnerability

Publication date: 14 Jan 2024
Modification date: 14 Jan 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-5981

Description

The updated packages fix a security vulnerability:
A vulnerability was found that the response times to malformed
ciphertexts in RSA-PSK ClientKeyExchange differ from response times of
ciphertexts with correct PKCS#1 v1.5 padding. (CVE-2023-5981)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32547
• https://www.openwall.com/lists/oss-security/2023/11/20/2
• https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5981

SRPMS

9/core

• gnutls-3.8.0-2.1.mga9