CVE-2023-0361
Description
Moderate: gnutls security and bug fix update
Description
gnutls: timing side-channel in the TLS RSA key exchange code
Red Hat statement
The security flaw is marked as medium as the Attack Complexity is high, because a successful attack depends on conditions beyond the attacker's control and a successful attack requires recovering the secret from the ClientKeyExchange message; only then can the attacker decrypt the application data.
CVSS v3: 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | gnutls-0:3.6.16-6.el8_7 | RHSA-2023:1569 | 2023-04-04T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Extended Update Support | gnutls-0:3.6.16-5.el8_6.1 | RHSA-2023:3361 | 2023-05-31T00:00:00Z |
| Red Hat Enterprise Linux 9 | gnutls-0:3.7.6-18.el9_1 | RHSA-2023:1141 | 2023-03-07T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Extended Update Support | gnutls-0:3.7.6-18.el9_0 | RHSA-2023:1200 | 2023-03-14T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | gnutls | Out of support scope |
| Red Hat Enterprise Linux 7 | gnutls | Out of support scope |
Apply commands
yum update -y gnutls
# or:
dnf upgrade -y gnutls
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | gnutls-utils-3.7.6-18.el9_1.ppc64le.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 3.7.8-5 |
| sid | Fixed | 3.7.8-5 |
| forky | Fixed | 3.7.8-5 |
| bullseye | Fixed | 3.7.1-5+deb11u3 |
| bookworm | Fixed | 3.7.8-5 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
References
- https://access.redhat.com/errata/RHSA-2023:1141
- https://errata.rockylinux.org/RLSA-2023:1569
- https://www.suse.com/security/cve/CVE-2023-0361.html
- https://security-tracker.debian.org/tracker/CVE-2023-0361
- https://errata.rockylinux.org/RLSA-2023:1141
- https://access.redhat.com/errata/RHSA-2023:1569
- https://bugzilla.redhat.com/2162596
- https://errata.almalinux.org/8/ALSA-2023-1569.html
- https://errata.almalinux.org/9/ALSA-2023-1141.html