SUSE-SU-2018:2930-1 -- SLES gnutls, libgnutls-devel, libgnutls30, libgnutlsxx-devel, libgnutlsxx28| ID: oval:org.secpod.oval:def:89049718 | Date: (C)2023-12-20 (M)2023-12-20 |
| Class: PATCH | Family: unix |
This update for gnutls fixes the following security issues: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant - CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls - CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash
| Platform: |
| SUSE Linux Enterprise Server 15 |
| SUSE Linux Enterprise Desktop 15 |
| Product: |
| gnutls |
| libgnutls-devel |
| libgnutls30 |
| libgnutlsxx-devel |
| libgnutlsxx28 |
