File _patchinfo of Package patchinfo.8596

<patchinfo incident="8596">
  <issue tracker="bnc" id="1105437">VUL-0: CVE-2018-10844: gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls</issue>
  <issue tracker="bnc" id="1105460">VUL-0: CVE-2018-10846: gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery</issue>
  <issue tracker="bnc" id="1105459">VUL-0: CVE-2018-10845: gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant</issue>
  <issue tracker="bnc" id="1047002">VUL-1: CVE-2017-10790: gnutls: The _asn1_check_identifier function in GNU Libtasn1 before 4.12(including 4.12) causes a NULL pointer dereference and crash</issue>
  <issue tracker="cve" id="2018-10845"/>
  <issue tracker="cve" id="2018-10844"/>
  <issue tracker="cve" id="2017-10790"/>
  <issue tracker="cve" id="2018-10846"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>This update for gnutls fixes the following issues:

This update for gnutls fixes the following issues:

Security issues fixed:

- Improved mitigations against Lucky 13 class of attacks
- "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460)
- HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459)
- HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437)
- The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002)
</description>
  <summary>Security update for gnutls</summary>
</patchinfo>