Oval Definition:oval:org.opensuse.security:def:84955
Revision Date:2018-09-24Version:1
Title:Security update for gnutls (Moderate)
Description:

This update for gnutls fixes the following issues:

Security issues fixed:

* - Improved mitigations against Lucky 13 class of attacks - 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) - The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002)
Family:unixClass:patch
Status:Reference(s):1047002
1105437
1105459
1105460
CVE-2017-10790
CVE-2018-10844
CVE-2018-10845
CVE-2018-10846
SUSE-SU-2018:2842-1
Platform(s):SUSE Linux Enterprise Server 12 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • gnutls-3.3.27-3.3.1 is installed
  • OR libgnutls-openssl27-3.3.27-3.3.1 is installed
  • OR libgnutls28-3.3.27-3.3.1 is installed
  • OR libgnutls28-32bit-3.3.27-3.3.1 is installed
    • BACK