USN-6499-2: GnuTLS vulnerability
Severity
medium
Vendor
VMware Tanzu
Versions Affected
- Canonical Ubuntu 18.04
Description
USN-6499-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information. Update Instructions: Run `sudo pro fix USN-6499-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgnutls30 - 3.5.18-1ubuntu1.6+esm1 libgnutls28-dev - 3.5.18-1ubuntu1.6+esm1 libgnutlsxx28 - 3.5.18-1ubuntu1.6+esm1 gnutls-doc - 3.5.18-1ubuntu1.6+esm1 libgnutls-dane0 - 3.5.18-1ubuntu1.6+esm1 gnutls-bin - 3.5.18-1ubuntu1.6+esm1 libgnutls-openssl27 - 3.5.18-1ubuntu1.6+esm1 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.
Fixed VMware Products and Versions
- Platform Automation Toolkit
- 4.4.32 or greater
- 5.0.25 or greater
- 5.1.2 or greater
- Cflinuxfs3
- 0.3182.0 or greater
- Cflinuxfs4
- 1.61.0 or greater
- Operations Manager
- 2.10.69 or greater
- 3.0.22+LTS-T or greater
- Tanzu Greenplum for Kubernetes
- 2.0.0 or greater
- Jammy Stemcells
- 1.327 or greater
- 621.793 or greater
- CF Deployment
- 30.0.0 or greater
- Isolation Segment
- 2.11.45 or greater
- 2.13.30 or greater
- 4.0.15+LTS-T or greater
- 5.0.5 or greater
- VMware Tanzu Application Service for VMs
- 2.11.51 or greater
- 2.13.33 or greater
- 4.0.15+LTS-T or greater
- 5.0.6 or greater
References
https://ubuntu.com/security/notices/USN-6499-2
https://www.cloudfoundry.org/blog/usn-6499-2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6499-2
History
2024-01-08: Initial vulnerability report published.