Bugzilla – Bug 1221746
VUL-0: CVE-2024-28834: gnutls: side-channel in the deterministic ECDSA
Last modified: 2024-07-18 17:39:40 UTC
libgnutls: Fix side-channel in the deterministic ECDSA. Reported by George Pantelakis (#1516). [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834] https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
Upstream: https://gitlab.com/gnutls/gnutls/commit/1c4701ff
Deterministic ECDSA/DSA functions were introduced in https://gitlab.com/gnutls/gnutls/-/commit/e94ab6b703ee50ea020565e1b8729a9b1d524d84 and https://gitlab.com/gnutls/gnutls/-/commit/8eb3a29336ea11f6b417ce7e25d53513509bdd87.
https://gitlab.com/gnutls/gnutls/-/issues/94
So considering versions before 3.6.10 as not affected.
Tracking as affected:
- SUSE:ALP:Source:Standard:1.0/gnutls
- SUSE:SLE-15-SP4:Update/gnutls
- SUSE:SLE-15-SP4:Update:Products:Micro53:Update/gnutls
Already fixed:
- openSUSE:Factory/gnutls
SUSE-SU-2024:1271-1: An update that solves two vulnerabilities and has one security fix can now be installed.
Category: security (moderate)
Bug References: 1221242, 1221746, 1221747
CVE References: CVE-2024-28834, CVE-2024-28835
Maintenance Incident: [SUSE:Maintenance:33311](https://smelt.suse.de/incident/33311/)
Sources used:
- openSUSE Leap Micro 5.4 (src): gnutls-3.7.3-150400.4.44.1
- openSUSE Leap 15.5 (src): gnutls-3.7.3-150400.4.44.1
- SUSE Linux Enterprise Micro for Rancher 5.4 (src): gnutls-3.7.3-150400.4.44.1
- SUSE Linux Enterprise Micro 5.4 (src): gnutls-3.7.3-150400.4.44.1
- SUSE Linux Enterprise Micro 5.5 (src): gnutls-3.7.3-150400.4.44.1
- Basesystem Module 15-SP5 (src): gnutls-3.7.3-150400.4.44.1
- openSUSE Leap 15.4 (src): gnutls-3.7.3-150400.4.44.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1271-2: An update that solves two vulnerabilities and has one security fix can now be installed.
Category: security (moderate)
Bug References: 1221242, 1221746, 1221747
CVE References: CVE-2024-28834, CVE-2024-28835
Maintenance Incident: [SUSE:Maintenance:33311](https://smelt.suse.de/incident/33311/)
Sources used:
- SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): gnutls-3.7.3-150400.4.44.1
- SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): gnutls-3.7.3-150400.4.44.1
- SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): gnutls-3.7.3-150400.4.44.1
- SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): gnutls-3.7.3-150400.4.44.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): gnutls-3.7.3-150400.4.44.1
- SUSE Manager Proxy 4.3 (src): gnutls-3.7.3-150400.4.44.1
- SUSE Manager Retail Branch Server 4.3 (src): gnutls-3.7.3-150400.4.44.1
- SUSE Manager Server 4.3 (src): gnutls-3.7.3-150400.4.44.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2546-1: An update that solves two vulnerabilities and has one security fix can now be installed.
Category: security (moderate)
Bug References: 1221242, 1221746, 1221747
CVE References: CVE-2024-28834, CVE-2024-28835
Maintenance Incident: [SUSE:Maintenance:34785](https://smelt.suse.de/incident/34785/)
Sources used:
- SUSE Linux Enterprise Micro for Rancher 5.3 (src): gnutls-3.7.3-150400.8.1
- SUSE Linux Enterprise Micro 5.3 (src): gnutls-3.7.3-150400.8.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.