gnutls: fix CVE-2024-28834 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Archana Polampalli <archana.polampalli@windriver.com>	2024-04-19 14:10:59 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-05-02 06:21:09 -0700
commit	65303b3236d7eb31a27a8a4e59c1004077725b5b (patch)
tree	1191e63735ea1f84b2bf8710ebda8c41f1c59a01 /scripts/lib/devtool/utilcmds.py
parent	31751bba1c789f15f574773a659b8017d7bcf440 (diff)
download	poky-65303b3236d7eb31a27a8a4e59c1004077725b5b.tar.gz

gnutls: fix CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. (From OE-Core rev: 18c4f65934331da48c597201c33334578e91a45d) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/utilcmds.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: