[gnutls-help] gnutls 3.8.0

Alexander Sosedkin asosedkin at redhat.com
Fri Feb 10 15:19:47 CET 2023


On Fri, Feb 10, 2023 at 3:05 PM Andreas Metzler <ametzler at bebt.de> wrote:
>
> On 2023-02-10 Zoltan Fridrich <zfridric at redhat.com> wrote:
> > Hello,
>
> > We have just released gnutls-3.8.0. This is a bug fix and enhancement
> > release on the 3.8.x branch.
> [...]
> > ** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
> > Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
> > [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
> [...]
>
> Hello,
>
> thank you.
>
> I gather from ther bug report that this probably affects at least all
> supported versions, i.e. 3.6.x and 3.7.x (< 3.7.9) - Can you confirm?
>
> TIA, cu Andreas

The problematic code is present in 3.6.5-3.6.16, 3.7.0-3.7.8.




More information about the Gnutls-help mailing list