File _patchinfo of Package patchinfo.8613
<patchinfo incident="8613">
<issue tracker="bnc" id="1105437">VUL-0: CVE-2018-10844: gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls</issue>
<issue tracker="bnc" id="1105460">VUL-0: CVE-2018-10846: gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery</issue>
<issue tracker="bnc" id="1105459">VUL-0: CVE-2018-10845: gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant</issue>
<issue id="1047002" tracker="bnc">VUL-1: CVE-2017-10790: gnutls: The _asn1_check_identifier function in GNU Libtasn1 before 4.12(including 4.12) causes a NULL pointer dereference and crash</issue>
<issue id="2017-10790" tracker="cve" />
<issue tracker="cve" id="2018-10845"/>
<issue tracker="cve" id="2018-10844"/>
<issue tracker="cve" id="2018-10846"/>
<category>security</category>
<rating>moderate</rating>
<packager>vitezslav_cizek</packager>
<description>This update for gnutls fixes the following security issues:
- Improved mitigations against Lucky 13 class of attacks
- CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack
can lead to plaintext recovery (bsc#1105460)
- CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use
of wrong constant (bsc#1105459)
- CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not
enough dummy function calls (bsc#1105437)
- CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL
pointer dereference and crash (bsc#1047002)
</description>
<summary>Security update for gnutls</summary>
</patchinfo>