[CLSA-2025:1749479602] gnutls: Fix of 3 CVEs
Type:
security
Severity:
Important
Release date:
2025-06-09 14:33:27 UTC
Description:
- Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use _gnutls_switch_lib_state for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side channel attacks. - CVE-2023-5981: removes branching that depends on secret data to prevent potential side-channel attack. - CVE-2024-0553: minimize branching after decryption.
Updated packages:
  • gnutls-3.3.29-9.el7_6.tuxcare.els1.i686.rpm
    sha:d5bf0696d773b7441b8fb1018d3d2e9070e86b2366f8782b793c879c92aa051a
  • gnutls-3.3.29-9.el7_6.tuxcare.els1.x86_64.rpm
    sha:7dfb0534f7cbf5686fb904b7115fb6b2f7f56b0c35716e65e33197cf9566f3ae
  • gnutls-c++-3.3.29-9.el7_6.tuxcare.els1.i686.rpm
    sha:197d9b2ce621b1d0c83e5353457d9b0bf5bd468f3edeccaeb4f5591f64412f73
  • gnutls-c++-3.3.29-9.el7_6.tuxcare.els1.x86_64.rpm
    sha:e8275b6af9bfd9bfff4dced62cdccf6e077a6707d4f0b80f3891cb72058c6a26
  • gnutls-dane-3.3.29-9.el7_6.tuxcare.els1.i686.rpm
    sha:06682831492f1b05d0f56aaf0dd20e89e3157f1e4d6d75435209802055e31645
  • gnutls-dane-3.3.29-9.el7_6.tuxcare.els1.x86_64.rpm
    sha:9f7a01039aca3a7c82eced86053c51dbdbcf3ab0692266a712a3c6f88c98281a
  • gnutls-devel-3.3.29-9.el7_6.tuxcare.els1.i686.rpm
    sha:35fbb7093d9a4da1f1b6de893e6a126788f78572c3d3b73c1f40569d625a29cb
  • gnutls-devel-3.3.29-9.el7_6.tuxcare.els1.x86_64.rpm
    sha:fc294a5c4ca515ca75d3f659484da85130459d75da564073df1cdd5687feb8a0
  • gnutls-utils-3.3.29-9.el7_6.tuxcare.els1.x86_64.rpm
    sha:1bb958c0f5875aff64a5141dc020306ae79ef066329394e4223ec52b4faa6836
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.