Security update for gnutls
This update for gnutls fixes the following issues:
Security issues fixed:
- Improved mitigations against Lucky 13 class of attacks
- CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack
can lead to plaintext recovery (bsc#1105460)
- CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use
of wrong constant (bsc#1105459)
- CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not
enough dummy function calls (bsc#1105437)
- CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL
pointer dereference and crash (bsc#1047002)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
-
Submitted by
Vítězslav Čížek (vitezslav_cizek)
Fixed bugs
bnc#1105437
VUL-0: CVE-2018-10844: gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls
bnc#1105460
VUL-0: CVE-2018-10846: gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery
bnc#1105459
VUL-0: CVE-2018-10845: gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant
bnc#1047002
VUL-1: CVE-2017-10790: gnutls: The _asn1_check_identifier function in GNU Libtasn1 before 4.12(including 4.12) causes a NULL pointer dereference and crash
