CVE-2024-0567

Related Files

Ubuntu Security Notice USN-6593-1

Posted Jan 23, 2024

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6593-1 - It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled certain certificate chains with a cross-signing loop. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2024-0553, CVE-2024-0567

SHA-256 | 3bbd8b60bf24fb02c31deebbe0c2660004b5df5eb22635d170194dc1cefc57f3

Download | Favorite | View

GNU Transport Layer Security Library 3.8.3

Posted Jan 16, 2024

Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: libgnutls had multiple security fixes. They fixed more timing side-channel issues inside RSA-PSK key exchange. They fixed an assertion failure when verifying a certificate chain with a cycle of cross signatures. Fixed a regression in handling Ed25519 keys stored in PKCS#11 token certtool that was unable to handle Ed25519 keys generated on PKCS#11 with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2.

tags | protocol, library

advisories | CVE-2024-0553, CVE-2024-0567

SHA-256 | f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e

Download | Favorite | View