SUSE-SU-2018:2930-1 -- SLES gnutls, libgnutls-devel, libgnutls30, libgnutlsxx-devel, libgnutlsxx28ID: oval:org.secpod.oval:def:89049718 | Date: (C)2023-12-20 (M)2023-12-20 |
Class: PATCH | Family: unix |
This update for gnutls fixes the following security issues: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant - CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls - CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Desktop 15 |
Product: |
gnutls |
libgnutls-devel |
libgnutls30 |
libgnutlsxx-devel |
libgnutlsxx28 |