{"id":"SUSE-SU-2024:1271-2","summary":"Security update for gnutls","details":"This update for gnutls fixes the following issues:\n\n- CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746)\n- CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747)\n\nOther fixes:\n  - jitterentropy: Release the memory of the entropy collector when\n    using jitterentropy with phtreads as there is also a\n    pre-intitization done in the main thread (bsc#1221242)\n","modified":"2026-02-04T02:58:36.735244Z","published":"2024-06-03T13:00:49Z","related":["CVE-2024-28834","CVE-2024-28835"],"upstream":["CVE-2024-28834","CVE-2024-28835"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241271-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221242"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221746"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221747"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-28834"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-28835"}],"affected":[{"package":{"name":"gnutls","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","purl":"pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.3-150400.4.44.1"}]}],"ecosystem_specific":{"binaries":[{"libgnutls30-32bit":"3.7.3-150400.4.44.1","gnutls":"3.7.3-150400.4.44.1","libgnutlsxx-devel":"3.7.3-150400.4.44.1","libgnutlsxx28":"3.7.3-150400.4.44.1","libgnutls30":"3.7.3-150400.4.44.1","libgnutls30-hmac":"3.7.3-150400.4.44.1","libgnutls30-hmac-32bit":"3.7.3-150400.4.44.1","libgnutls-devel":"3.7.3-150400.4.44.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1271-2.json"}},{"package":{"name":"gnutls","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","purl":"pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.3-150400.4.44.1"}]}],"ecosystem_specific":{"binaries":[{"libgnutls30-32bit":"3.7.3-150400.4.44.1","gnutls":"3.7.3-150400.4.44.1","libgnutlsxx-devel":"3.7.3-150400.4.44.1","libgnutlsxx28":"3.7.3-150400.4.44.1","libgnutls30":"3.7.3-150400.4.44.1","libgnutls30-hmac":"3.7.3-150400.4.44.1","libgnutls30-hmac-32bit":"3.7.3-150400.4.44.1","libgnutls-devel":"3.7.3-150400.4.44.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1271-2.json"}},{"package":{"name":"gnutls","ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","purl":"pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.3-150400.4.44.1"}]}],"ecosystem_specific":{"binaries":[{"libgnutls30-32bit":"3.7.3-150400.4.44.1","gnutls":"3.7.3-150400.4.44.1","libgnutlsxx-devel":"3.7.3-150400.4.44.1","libgnutlsxx28":"3.7.3-150400.4.44.1","libgnutls30":"3.7.3-150400.4.44.1","libgnutls30-hmac":"3.7.3-150400.4.44.1","libgnutls30-hmac-32bit":"3.7.3-150400.4.44.1","libgnutls-devel":"3.7.3-150400.4.44.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1271-2.json"}},{"package":{"name":"gnutls","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","purl":"pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.3-150400.4.44.1"}]}],"ecosystem_specific":{"binaries":[{"libgnutls30-32bit":"3.7.3-150400.4.44.1","gnutls":"3.7.3-150400.4.44.1","libgnutlsxx-devel":"3.7.3-150400.4.44.1","libgnutlsxx28":"3.7.3-150400.4.44.1","libgnutls30":"3.7.3-150400.4.44.1","libgnutls30-hmac":"3.7.3-150400.4.44.1","libgnutls30-hmac-32bit":"3.7.3-150400.4.44.1","libgnutls-devel":"3.7.3-150400.4.44.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1271-2.json"}},{"package":{"name":"gnutls","ecosystem":"SUSE:Manager Proxy 4.3","purl":"pkg:rpm/suse/gnutls&distro=SUSE%20Manager%20Proxy%204.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.3-150400.4.44.1"}]}],"ecosystem_specific":{"binaries":[{"libgnutls30-32bit":"3.7.3-150400.4.44.1","gnutls":"3.7.3-150400.4.44.1","libgnutlsxx-devel":"3.7.3-150400.4.44.1","libgnutlsxx28":"3.7.3-150400.4.44.1","libgnutls30":"3.7.3-150400.4.44.1","libgnutls30-hmac":"3.7.3-150400.4.44.1","libgnutls30-hmac-32bit":"3.7.3-150400.4.44.1","libgnutls-devel":"3.7.3-150400.4.44.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1271-2.json"}},{"package":{"name":"gnutls","ecosystem":"SUSE:Manager Server 4.3","purl":"pkg:rpm/suse/gnutls&distro=SUSE%20Manager%20Server%204.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.3-150400.4.44.1"}]}],"ecosystem_specific":{"binaries":[{"libgnutls30-32bit":"3.7.3-150400.4.44.1","gnutls":"3.7.3-150400.4.44.1","libgnutlsxx-devel":"3.7.3-150400.4.44.1","libgnutlsxx28":"3.7.3-150400.4.44.1","libgnutls30":"3.7.3-150400.4.44.1","libgnutls30-hmac":"3.7.3-150400.4.44.1","libgnutls30-hmac-32bit":"3.7.3-150400.4.44.1","libgnutls-devel":"3.7.3-150400.4.44.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1271-2.json"}}],"schema_version":"1.7.3"}