Overview

File _patchinfo of Package patchinfo.8613

<patchinfo incident="8613">
  <issue tracker="bnc" id="1105437">VUL-0: CVE-2018-10844: gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls</issue>
  <issue tracker="bnc" id="1105460">VUL-0: CVE-2018-10846: gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery</issue>
  <issue tracker="bnc" id="1105459">VUL-0: CVE-2018-10845: gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant</issue>
  <issue id="1047002" tracker="bnc">VUL-1: CVE-2017-10790: gnutls: The _asn1_check_identifier function in GNU Libtasn1 before 4.12(including 4.12) causes a NULL pointer dereference and crash</issue>
  <issue id="2017-10790" tracker="cve" />
  <issue tracker="cve" id="2018-10845"/>
  <issue tracker="cve" id="2018-10844"/>
  <issue tracker="cve" id="2018-10846"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>This update for gnutls fixes the following security issues:

- Improved mitigations against Lucky 13 class of attacks
- CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack
  can lead to plaintext recovery (bsc#1105460)
- CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use
  of wrong constant (bsc#1105459)
- CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not
  enough dummy function calls (bsc#1105437)
- CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL
  pointer dereference and crash (bsc#1047002)
</description>
  <summary>Security update for gnutls</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places