CVE-2024-28834

Publication date 21 March 2024

Last updated 24 July 2024


Ubuntu priority

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

Read the notes from the security team

Status

Package Ubuntu Release Status
gnutls28 24.04 LTS noble
Fixed 3.8.3-1.1ubuntu3.1
23.10 mantic
Fixed 3.8.1-4ubuntu1.3
22.04 LTS jammy
Fixed 3.7.3-4ubuntu1.5
20.04 LTS focal
Fixed 3.6.13-2ubuntu1.11
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected

Notes


mdeslaur

per Debian, introduced in 3.6.10

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
gnutls28