=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gnutls security and bug fix update
Advisory ID:       RHSA-2023:1200-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1200
Issue date:        2023-03-14
CVE Names:         CVE-2023-0361
=====================================================================

1. Summary:

An update for gnutls is now available for Red Hat Enterprise Linux 9.0
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The gnutls packages provide the GNU Transport Layer Security (GnuTLS)
library, which implements cryptographic algorithms and protocols such as
SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: timing side-channel in the TLS RSA key exchange code
(CVE-2023-0361)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* CCM tag length should be limited to known values (BZ#2144536)

* In FIPS mode, gnutls should reject RSASSA-PSS salt lengths larger than the
output size of the hash function used, or provide an indicator (BZ#2144538)

* dracut-cmdline[554]: Error in GnuTLS initialization: Error while
performing self checks i FIPS mode (BZ#2149641)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2144538 - In FIPS mode, gnutls should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator [rhel-9.0.0.z]
2149641 - dracut-cmdline[554]: Error in GnuTLS initialization: Error while performing self checks i FIPS mode [rhel-9.0.0.z]
2162596 - CVE-2023-0361 gnutls: timing side-channel in the TLS RSA key exchange code

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:
gnutls-c++-3.7.6-18.el9_0.aarch64.rpm
gnutls-c++-debuginfo-3.7.6-18.el9_0.aarch64.rpm
gnutls-dane-3.7.6-18.el9_0.aarch64.rpm
gnutls-dane-debuginfo-3.7.6-18.el9_0.aarch64.rpm
gnutls-debuginfo-3.7.6-18.el9_0.aarch64.rpm
gnutls-debugsource-3.7.6-18.el9_0.aarch64.rpm
gnutls-devel-3.7.6-18.el9_0.aarch64.rpm
gnutls-utils-3.7.6-18.el9_0.aarch64.rpm
gnutls-utils-debuginfo-3.7.6-18.el9_0.aarch64.rpm

ppc64le:
gnutls-c++-3.7.6-18.el9_0.ppc64le.rpm
gnutls-c++-debuginfo-3.7.6-18.el9_0.ppc64le.rpm
gnutls-dane-3.7.6-18.el9_0.ppc64le.rpm
gnutls-dane-debuginfo-3.7.6-18.el9_0.ppc64le.rpm
gnutls-debuginfo-3.7.6-18.el9_0.ppc64le.rpm
gnutls-debugsource-3.7.6-18.el9_0.ppc64le.rpm
gnutls-devel-3.7.6-18.el9_0.ppc64le.rpm
gnutls-utils-3.7.6-18.el9_0.ppc64le.rpm
gnutls-utils-debuginfo-3.7.6-18.el9_0.ppc64le.rpm

s390x:
gnutls-c++-3.7.6-18.el9_0.s390x.rpm
gnutls-c++-debuginfo-3.7.6-18.el9_0.s390x.rpm
gnutls-dane-3.7.6-18.el9_0.s390x.rpm
gnutls-dane-debuginfo-3.7.6-18.el9_0.s390x.rpm
gnutls-debuginfo-3.7.6-18.el9_0.s390x.rpm
gnutls-debugsource-3.7.6-18.el9_0.s390x.rpm
gnutls-devel-3.7.6-18.el9_0.s390x.rpm
gnutls-utils-3.7.6-18.el9_0.s390x.rpm
gnutls-utils-debuginfo-3.7.6-18.el9_0.s390x.rpm

x86_64:
gnutls-c++-3.7.6-18.el9_0.i686.rpm
gnutls-c++-3.7.6-18.el9_0.x86_64.rpm
gnutls-c++-debuginfo-3.7.6-18.el9_0.i686.rpm
gnutls-c++-debuginfo-3.7.6-18.el9_0.x86_64.rpm
gnutls-dane-3.7.6-18.el9_0.i686.rpm
gnutls-dane-3.7.6-18.el9_0.x86_64.rpm
gnutls-dane-debuginfo-3.7.6-18.el9_0.i686.rpm
gnutls-dane-debuginfo-3.7.6-18.el9_0.x86_64.rpm
gnutls-debuginfo-3.7.6-18.el9_0.i686.rpm
gnutls-debuginfo-3.7.6-18.el9_0.x86_64.rpm
gnutls-debugsource-3.7.6-18.el9_0.i686.rpm
gnutls-debugsource-3.7.6-18.el9_0.x86_64.rpm
gnutls-devel-3.7.6-18.el9_0.i686.rpm
gnutls-devel-3.7.6-18.el9_0.x86_64.rpm
gnutls-utils-3.7.6-18.el9_0.x86_64.rpm
gnutls-utils-debuginfo-3.7.6-18.el9_0.i686.rpm
gnutls-utils-debuginfo-3.7.6-18.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:
gnutls-3.7.6-18.el9_0.src.rpm

aarch64:
gnutls-3.7.6-18.el9_0.aarch64.rpm
gnutls-c++-debuginfo-3.7.6-18.el9_0.aarch64.rpm
gnutls-dane-debuginfo-3.7.6-18.el9_0.aarch64.rpm
gnutls-debuginfo-3.7.6-18.el9_0.aarch64.rpm
gnutls-debugsource-3.7.6-18.el9_0.aarch64.rpm
gnutls-utils-debuginfo-3.7.6-18.el9_0.aarch64.rpm

ppc64le:
gnutls-3.7.6-18.el9_0.ppc64le.rpm
gnutls-c++-debuginfo-3.7.6-18.el9_0.ppc64le.rpm
gnutls-dane-debuginfo-3.7.6-18.el9_0.ppc64le.rpm
gnutls-debuginfo-3.7.6-18.el9_0.ppc64le.rpm
gnutls-debugsource-3.7.6-18.el9_0.ppc64le.rpm
gnutls-utils-debuginfo-3.7.6-18.el9_0.ppc64le.rpm

s390x:
gnutls-3.7.6-18.el9_0.s390x.rpm
gnutls-c++-debuginfo-3.7.6-18.el9_0.s390x.rpm
gnutls-dane-debuginfo-3.7.6-18.el9_0.s390x.rpm
gnutls-debuginfo-3.7.6-18.el9_0.s390x.rpm
gnutls-debugsource-3.7.6-18.el9_0.s390x.rpm
gnutls-utils-debuginfo-3.7.6-18.el9_0.s390x.rpm

x86_64:
gnutls-3.7.6-18.el9_0.i686.rpm
gnutls-3.7.6-18.el9_0.x86_64.rpm
gnutls-c++-debuginfo-3.7.6-18.el9_0.i686.rpm
gnutls-c++-debuginfo-3.7.6-18.el9_0.x86_64.rpm
gnutls-dane-debuginfo-3.7.6-18.el9_0.i686.rpm
gnutls-dane-debuginfo-3.7.6-18.el9_0.x86_64.rpm
gnutls-debuginfo-3.7.6-18.el9_0.i686.rpm
gnutls-debuginfo-3.7.6-18.el9_0.x86_64.rpm
gnutls-debugsource-3.7.6-18.el9_0.i686.rpm
gnutls-debugsource-3.7.6-18.el9_0.x86_64.rpm
gnutls-utils-debuginfo-3.7.6-18.el9_0.i686.rpm
gnutls-utils-debuginfo-3.7.6-18.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.