]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 087b7c5) | patch
gnutls: Backport fix for CVE-2024-0553
authorVijay Anusuri <vanusuri@mvista.com>
Tue, 23 Jan 2024 05:40:38 +0000 (11:10 +0530)
committerSteve Sakoman <steve@sakoman.com>
Tue, 23 Jan 2024 14:23:39 +0000 (04:23 -1000)
commita07cc0b6fa4a485f318fd2957e434b63f5907d7e
treef2424760de257866fd545d68cef253d0ecdfffdbtree
parent087b7c5d8363bcc6ae801d3ca18e6490e86a1381commit | diff
gnutls: Backport fix for CVE-2024-0553

CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/40dbbd8de499668590e8af51a15799fbc430595e]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-support/gnutls/gnutls/CVE-2024-0553.patch [new file with mode: 0644] blob
meta/recipes-support/gnutls/gnutls_3.6.14.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core