Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

SUSE: 2018:2825-2 Moderate: gnutls Security Advisory for Linux

suse
Calendar Grey October 18, 2018
Dist Suse Esm H88
SUSE Security Bulletin: Urgent patches released for gnutls security flaws discovered. Update promptly for improved protection.
An update that fixes four vulnerabilities is now available

Summary

This update for gnutls fixes the following issues: This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) - The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

#1047002 #1105437 #1105459 #1105460

Cross- CVE-2017-10790 CVE-2018-10844 CVE-2018-10845

CVE-2018-10846

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2017-10790.html

https://www.suse.com/security/cve/CVE-2018-10844.html

https://www.suse.com/security/cve/CVE-2018-10845.html

https://www.suse.com/security/cve/CVE-2018-10846.html

https://bugzilla.suse.com/1047002

https://bugzilla.suse.com/1105437

https://bugzilla.suse.com/1105459

https://bugzilla.suse.com/1105460

Announcement ID: SUSE-SU-2018:2825-2
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.