openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:0638-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.833476

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2024:0638-1)

Resumen: The remote host is missing an update for the 'gnutls' package(s) announced via the SUSE-SU-2024:0638-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'gnutls' package(s) announced via the SUSE-SU-2024:0638-1 advisory.

Vulnerability Insight:
This update for gnutls fixes the following issues:

- CVE-2024-0567: Fixed an incorrect rejection of certificate chains
with distributed trust (bsc#1218862).
- CVE-2024-0553: Fixed a timing attack against the RSA-PSK key
exchange, which could lead to the leakage of sensitive data
(bsc#1218865).

Affected Software/OS:
'gnutls' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-0553
RHBZ#2258412
https://bugzilla.redhat.com/show_bug.cgi?id=2258412
RHSA-2024:0533
https://access.redhat.com/errata/RHSA-2024:0533
RHSA-2024:0627
https://access.redhat.com/errata/RHSA-2024:0627
RHSA-2024:0796
https://access.redhat.com/errata/RHSA-2024:0796
RHSA-2024:1082
https://access.redhat.com/errata/RHSA-2024:1082
RHSA-2024:1108
https://access.redhat.com/errata/RHSA-2024:1108
http://www.openwall.com/lists/oss-security/2024/01/19/3
https://access.redhat.com/security/cve/CVE-2024-0553
https://gitlab.com/gnutls/gnutls/-/issues/1522
https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
https://security.netapp.com/advisory/ntap-20240202-0011/
Common Vulnerability Exposure (CVE) ID: CVE-2024-0567
RHBZ#2258544
https://bugzilla.redhat.com/show_bug.cgi?id=2258544
https://access.redhat.com/security/cve/CVE-2024-0567
https://gitlab.com/gnutls/gnutls/-/issues/1521

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.833476
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:0638-1)
Resumen:	The remote host is missing an update for the 'gnutls' package(s) announced via the SUSE-SU-2024:0638-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the SUSE-SU-2024:0638-1 advisory. Vulnerability Insight: This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862). - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865). Affected Software/OS: 'gnutls' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-0553 RHBZ#2258412 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:0533 RHSA-2024:0627 https://access.redhat.com/errata/RHSA-2024:0627 RHSA-2024:0796 https://access.redhat.com/errata/RHSA-2024:0796 RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1082 RHSA-2024:1108 https://access.redhat.com/errata/RHSA-2024:1108 http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/security/cve/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/ https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.netapp.com/advisory/ntap-20240202-0011/ Common Vulnerability Exposure (CVE) ID: CVE-2024-0567 RHBZ#2258544 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://access.redhat.com/security/cve/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521
Copyright	Copyright (C) 2024 Greenbone AG