Oval Definition:	oval:com.redhat.rhsa:def:20183050
Revision Date: 2018-10-30 Version: 636 Title: RHSA-2018:3050: gnutls security, bug fix, and enhancement update (Moderate) Description: The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.29). (BZ#1561481) Security Fix(es): gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845) gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section. Family: unix Class: patch Status: Reference(s): CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 RHSA-2018:3050 RHSA-2018:3050-01 Platform(s): Red Hat Enterprise Linux 7 Product(s): Definition Synopsis Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 7 is installed AND gnutls is earlier than 0:3.3.29-8.el7 AND gnutls is signed with Red Hat redhatrelease2 key gnutls-c++ is earlier than 0:3.3.29-8.el7 AND gnutls-c++ is signed with Red Hat redhatrelease2 key gnutls-dane is earlier than 0:3.3.29-8.el7 AND gnutls-dane is signed with Red Hat redhatrelease2 key gnutls-devel is earlier than 0:3.3.29-8.el7 AND gnutls-devel is signed with Red Hat redhatrelease2 key gnutls-utils is earlier than 0:3.3.29-8.el7 AND gnutls-utils is signed with Red Hat redhatrelease2 key
BACK