2258544 – (CVE-2024-0567) CVE-2024-0567 gnutls: rejects certificate chain with distributed trust

Bug 2258544 (CVE-2024-0567) - CVE-2024-0567 gnutls: rejects certificate chain with distributed trust

Summary: CVE-2024-0567 gnutls: rejects certificate chain with distributed trust

Keywords:
Status:	NEW
Alias:	CVE-2024-0567
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2258575 2258576
Blocks:	2258549
TreeView+	depends on / blocked

Reported:	2024-01-16 05:34 UTC by TEJ RATHI
Modified:	2024-03-26 13:30 UTC (History)
CC List:	3 users (show)
Fixed In Version:	GnuTLS 3.8.3
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:0533	0	None	None	None	2024-01-29 01:17:06 UTC
Red Hat Product Errata	RHSA-2024:1082	0	None	None	None	2024-03-05 08:16:42 UTC

Description TEJ RATHI 2024-01-16 05:34:52 UTC

Cockpit (which uses gnuTLS) rejects certificate chain with distributed trust.

https://gitlab.com/gnutls/gnutls/-/issues/1521

Comment 3 Sandipan Roy 2024-01-16 11:13:09 UTC

Created cockpit tracking bugs for this issue:

Affects: fedora-all [bug 2258575]


Created gnutls tracking bugs for this issue:

Affects: fedora-all [bug 2258576]

Comment 4 Martin Pitt 2024-01-17 02:30:26 UTC

Sandipan, what do you want Cockpit to do about this? This was a bug in GnuTLS, and there's a fix. Applying it to Fedora's and RHEL's gnutls packages should suffice to close this issue.

Comment 7 errata-xmlrpc 2024-01-29 01:17:05 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:0533

Comment 8 errata-xmlrpc 2024-03-05 08:16:42 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1082

Note You need to log in before you can comment on or make changes to this bug.