Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2024-28834

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 10 months, 3 weeks ago

Gnutls: vulnerable to minerva side-channel information leak

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

References

RHSA-2024:1784 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:1879 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:1997 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:2044 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:2570 vendor-advisoryx_refsource_REDHATx_transferred
RHSA-2024:2889 vendor-advisoryx_refsource_REDHATx_transferred
https://access.redhat.com/security/cve/CVE-2024-28834 x_transferredvdb-entryx_refsource_REDHAT
RHBZ#2269228 issue-trackingx_transferredx_refsource_REDHAT
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html x_transferred
https://minerva.crocs.fi.muni.cz/ x_transferred
http://www.openwall.com/lists/oss-security/2024/03/22/1 x_transferred
http://www.openwall.com/lists/oss-security/2024/03/22/2 x_transferred
https://people.redhat.com/~hkario/marvin/ x_transferred
https://security.netapp.com/advisory/ntap-20240524-0004/ x_transferred
https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html

Affected products

gnutls

*
==3.7.6-23
==3.8.4

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable 3.8.6
- nixpkgs-unstable 3.8.6
- nixos-unstable-small 3.8.6

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.python311Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

pkgs.python312Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable python3-gnutls-3.1.10
- nixpkgs-unstable python3-gnutls-3.1.10
- nixos-unstable-small python3-gnutls-3.1.10

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>