Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 561
Alerts This Week
Warning Icon 1 561

SUSE Linux 12-SP3: 2018:2842-1 Moderate: Gnutls Fixes for Multiple Issues

suse
Calendar Grey September 24, 2018
Scroller Suse Esm H88
A recent release from SUSE addresses various security flaws in gnutls, bolstering the protection and reliability of systems.
An update that fixes four vulnerabilities is now available

Summary

This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) - The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

#1047002 #1105437 #1105459 #1105460

Cross- CVE-2017-10790 CVE-2018-10844 CVE-2018-10845

CVE-2018-10846

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2017-10790.html

https://www.suse.com/security/cve/CVE-2018-10844.html

https://www.suse.com/security/cve/CVE-2018-10845.html

https://www.suse.com/security/cve/CVE-2018-10846.html

https://bugzilla.suse.com/1047002

https://bugzilla.suse.com/1105437

https://bugzilla.suse.com/1105459

https://bugzilla.suse.com/1105460

Announcement ID: SUSE-SU-2018:2842-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.