Bugzilla – Bug 1217277
VUL-0: CVE-2023-5981: gnutls: side channel attack in RSA-PSK
Last modified: 2024-04-09 20:30:12 UTC
https://gitlab.com/gnutls/gnutls/-/commit/bc09ff9e5167586bbd6998591feef29973ea0ba1 * Version 3.8.2 (released 2023-11-14) ** libgnutls: Fix timing side-channel inside RSA-PSK key exchange. [GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]
https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext processing is affected. The issue was reported in the issue tracker as #1511.
https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d
Factory submission: https://build.opensuse.org/request/show/1127286
SUSE-SU-2023:4952-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1208143, 1217277 CVE References: CVE-2023-0361, CVE-2023-5981 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): gnutls-3.6.7-150000.6.50.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): gnutls-3.6.7-150000.6.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): gnutls-3.6.7-150000.6.50.1 SUSE CaaS Platform 4.0 (src): gnutls-3.6.7-150000.6.50.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4986-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1217277 CVE References: CVE-2023-5981 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): gnutls-3.6.7-150200.14.28.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): gnutls-3.6.7-150200.14.28.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): gnutls-3.6.7-150200.14.28.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): gnutls-3.6.7-150200.14.28.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): gnutls-3.6.7-150200.14.28.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): gnutls-3.6.7-150200.14.28.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): gnutls-3.6.7-150200.14.28.1 SUSE Enterprise Storage 7.1 (src): gnutls-3.6.7-150200.14.28.1 SUSE Linux Enterprise Micro 5.1 (src): gnutls-3.6.7-150200.14.28.1 SUSE Linux Enterprise Micro 5.2 (src): gnutls-3.6.7-150200.14.28.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): gnutls-3.6.7-150200.14.28.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4983-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1217277 CVE References: CVE-2023-5981 Sources used: openSUSE Leap 15.4 (src): gnutls-3.7.3-150400.4.38.1 openSUSE Leap Micro 5.4 (src): gnutls-3.7.3-150400.4.38.1 openSUSE Leap 15.5 (src): gnutls-3.7.3-150400.4.38.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): gnutls-3.7.3-150400.4.38.1 SUSE Linux Enterprise Micro 5.4 (src): gnutls-3.7.3-150400.4.38.1 SUSE Linux Enterprise Micro 5.5 (src): gnutls-3.7.3-150400.4.38.1 Basesystem Module 15-SP4 (src): gnutls-3.7.3-150400.4.38.1 Basesystem Module 15-SP5 (src): gnutls-3.7.3-150400.4.38.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
To fix this potential side channel attack in older versions, we need to back port the function gnutls_privkey_decrypt_data2(), which was added in gnutls version 3.6.5, see [0]. This function requires also a libnettle that implements the function nettle_rsa_sec_decrypt() that was introduced in libnettle 3.4.1, see [1]. None of these functions are implemented in codestreams older than SLE-15 so a complete fix for SLE-12* codestreams would need to include several functions in both gnutls and libnettle. Please, let me know if we want to do that in SLE-12-SP5 (gnutls 3.4.17 and libnettle 3.1) or if we opt for a wontfix here. TIA [0] https://gitlab.com/gnutls/gnutls/-/commit/4804febd [1] https://gitlab.com/gnutls/nettle/-/commit/bfda54ee
The patchsize seems managable, so I would try for a backport of this new functionality.
(In reply to Marcus Meissner from comment #13) > The patchsize seems managable, so I would try for a backport of this new > functionality. The required code changes in gnutls also require the side-channel functionality to be backported in nettle and gmp from newer version. I tried to list the minimal changes but I lost track of the large amount of changes. I could try adding the functionality to gnutls, nettle and gmp but that would require a lot of time/work. Those versions do not have much of the required side-channel protections. Please, advise here. TIA
SUSE-SU-2024:1179-1: An update that solves four vulnerabilities, contains one feature and has eight security fixes can now be installed. Category: security (important) Bug References: 1202146, 1203299, 1203779, 1207183, 1207346, 1208143, 1208146, 1208237, 1209001, 1217277, 1218862, 1218865 CVE References: CVE-2023-0361, CVE-2023-5981, CVE-2024-0553, CVE-2024-0567 Jira References: PED-1562 Maintenance Incident: [SUSE:Maintenance:33235](https://smelt.suse.de/incident/33235/) Sources used: SUSE Linux Enterprise Micro for Rancher 5.3 (src): gnutls-3.7.3-150400.1.3.1 SUSE Linux Enterprise Micro 5.3 (src): gnutls-3.7.3-150400.1.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.