what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2024-28834

Status Candidate

Overview

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

Related Files

Red Hat Security Advisory 2024-2889-03
Posted May 17, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2889-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | f2c2e37fa3d2c87ac74cef3a0011830b8dd61e027b9f9dd6ad3e0a4b4b07e51e
Red Hat Security Advisory 2024-2570-03
Posted May 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2570-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | 4f5fdebfac04b238283506657521db5cd5b334df6d2fccbe0862ec809af45c7e
Ubuntu Security Notice USN-6733-2
Posted Apr 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6733-2 - USN-6733-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding updates for Ubuntu 24.04 LTS. It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-28834, CVE-2024-28835
SHA-256 | ddfa9b53cf55c5c796be4d398f38aed182745e8f5742e95f3b46d0343f9fcb73
Red Hat Security Advisory 2024-2044-03
Posted Apr 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2044-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | 10771e9b977cbe58a4f41f789a99bbe77865dca52083d9c0193a11cc6001cf16
Red Hat Security Advisory 2024-1997-03
Posted Apr 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1997-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | 50e84b2e154c121cee01b875691addf55560bb0e96846ffd4a182db991c49252
Red Hat Security Advisory 2024-1879-03
Posted Apr 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1879-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | 6d8e6f9e5dfba8b13a681f3c306557227f9eeac671925f3dcc514d4eb10f5e2e
Ubuntu Security Notice USN-6733-1
Posted Apr 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6733-1 - It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2024-28834, CVE-2024-28835
SHA-256 | dfebcedb7a860d4a621a8d974617128c42cd5bb110089a91567169351a2f584d
Red Hat Security Advisory 2024-1784-03
Posted Apr 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1784-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | 3704f7681fcb98c2ef4644550c22ee9b60ac0ce4e8cb4b7e49563fcce13701fd
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close