Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 565
Alerts This Week
Warning Icon 1 565

SUSE: 2018:2930-1 Moderate: GnuTLS Update For Cache Attacks

suse
Calendar Grey September 28, 2018
Scroller Suse
SUSE has released a Security Update for gnutls addressing multiple vulnerabilities. The update's Advisory ID is SUSE-SU-2018:2930-1 and is rated as moderate severity
An update that fixes four vulnerabilities is now available

Summary

This update for gnutls fixes the following security issues: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460) - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459) - CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437) - CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

#1047002 #1105437 #1105459 #1105460

Cross- CVE-2017-10790 CVE-2018-10844 CVE-2018-10845

CVE-2018-10846

Affected Products:

SUSE Linux Enterprise Module for Desktop Applications 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2017-10790.html

https://www.suse.com/security/cve/CVE-2018-10844.html

https://www.suse.com/security/cve/CVE-2018-10845.html

https://www.suse.com/security/cve/CVE-2018-10846.html

https://bugzilla.suse.com/1047002

https://bugzilla.suse.com/1105437

https://bugzilla.suse.com/1105459

https://bugzilla.suse.com/1105460

Announcement ID: SUSE-SU-2018:2930-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.