ALAS-2024-521

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. (CVE-2024-0567)

aarch64:
    gnutls-debuginfo-3.8.0-378.amzn2023.0.4.aarch64
    gnutls-dane-debuginfo-3.8.0-378.amzn2023.0.4.aarch64
    gnutls-c++-debuginfo-3.8.0-378.amzn2023.0.4.aarch64
    gnutls-dane-3.8.0-378.amzn2023.0.4.aarch64
    gnutls-utils-debuginfo-3.8.0-378.amzn2023.0.4.aarch64
    gnutls-utils-3.8.0-378.amzn2023.0.4.aarch64
    gnutls-c++-3.8.0-378.amzn2023.0.4.aarch64
    gnutls-3.8.0-378.amzn2023.0.4.aarch64
    gnutls-debugsource-3.8.0-378.amzn2023.0.4.aarch64
    gnutls-devel-3.8.0-378.amzn2023.0.4.aarch64

src:
    gnutls-3.8.0-378.amzn2023.0.4.src

x86_64:
    gnutls-utils-debuginfo-3.8.0-378.amzn2023.0.4.x86_64
    gnutls-debuginfo-3.8.0-378.amzn2023.0.4.x86_64
    gnutls-utils-3.8.0-378.amzn2023.0.4.x86_64
    gnutls-c++-debuginfo-3.8.0-378.amzn2023.0.4.x86_64
    gnutls-dane-debuginfo-3.8.0-378.amzn2023.0.4.x86_64
    gnutls-debugsource-3.8.0-378.amzn2023.0.4.x86_64
    gnutls-c++-3.8.0-378.amzn2023.0.4.x86_64
    gnutls-dane-3.8.0-378.amzn2023.0.4.x86_64
    gnutls-3.8.0-378.amzn2023.0.4.x86_64
    gnutls-devel-3.8.0-378.amzn2023.0.4.x86_64