Уязвимость CVE-2024-0567: Информация
Описание
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Важность: HIGH (7,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
gnutls30 | sisyphus | 3.8.3-alt1 | 3.8.4-alt1 | ALT-PU-2024-1258-1 | 338392 | Исправлено |
gnutls30 | sisyphus_e2k | 3.8.3-alt1 | 3.8.4-alt1 | ALT-PU-2024-1280-1 | - | Исправлено |
gnutls30 | sisyphus_riscv64 | 3.8.3-alt1 | 3.8.4-alt1 | ALT-PU-2024-2878-1 | - | Исправлено |
gnutls30 | sisyphus_loongarch64 | 3.8.3-alt1 | 3.8.4-alt1 | ALT-PU-2024-1444-1 | - | Исправлено |
gnutls30 | p10 | 3.6.16-alt5 | 3.6.16-alt6 | ALT-PU-2024-4754-3 | 343952 | Исправлено |
gnutls30 | p10_e2k | 3.6.16-alt5 | 3.6.16-alt6 | ALT-PU-2024-6414-1 | - | Исправлено |
gnutls30 | p9 | 3.6.16-alt5 | 3.6.16-alt5 | ALT-PU-2024-4913-2 | 343958 | Исправлено |
gnutls30 | c10f1 | 3.6.16-alt5 | 3.6.16-alt5 | ALT-PU-2024-6430-2 | 344988 | Исправлено |
gnutls30 | c9f2 | 3.6.16-alt5 | 3.6.16-alt5 | ALT-PU-2024-4977-3 | 344277 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://access.redhat.com/security/cve/CVE-2024-0567 |
|
RHBZ#2258544 |
|
https://gitlab.com/gnutls/gnutls/-/issues/1521 |
|
https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html |
|
http://www.openwall.com/lists/oss-security/2024/01/19/3 |
|
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/ | |
RHSA-2024:0533 | |
https://security.netapp.com/advisory/ntap-20240202-0011/ | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/ | |
RHSA-2024:1082 |