Date: Mon, 20 Nov 2023 11:48:11 -0800 From: Alan Coopersmith <alan.coopersmith@...cle.com> To: oss-security@...ts.openwall.com Subject: GNUTLS-SA-2023-10-23, CVE-2023-5981: timing sidechannel in RSA-PSK key exchange https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 reports: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext processing is affected. The issue was reported in the issue tracker as https://gitlab.com/gnutls/gnutls/-/issues/1511 https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html announced the release of version 3.8.2 with a fix for this vulnerability. -- -Alan Coopersmith- alan.coopersmith@...cle.com Oracle Solaris Engineering - https://blogs.oracle.com/solaris
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.