Test ID:	1.3.6.1.4.1.25623.1.0.844030
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3999-1)
Summary:	The remote host is missing an update for the 'gnutls28' package(s) announced via the USN-3999-1 advisory.
Description:	Summary: The remote host is missing an update for the 'gnutls28' package(s) announced via the USN-3999-1 advisory. Vulnerability Insight: Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the 'Lucky Thirteen' issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10844, CVE-2018-10845, CVE-2018-10846) Tavis Ormandy discovered that GnuTLS incorrectly handled memory when verifying certain X.509 certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3829) It was discovered that GnuTLS incorrectly handled certain post-handshake messages. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-3836) Affected Software/OS: 'gnutls28' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 18.10, Ubuntu 19.04. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10844 105138 http://www.securityfocus.com/bid/105138 FEDORA-2020-d14280a6e8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/ FEDORA-2020-f90fb78f70 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/ RHSA-2018:3050 https://access.redhat.com/errata/RHSA-2018:3050 RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2018:3505 USN-3999-1 https://usn.ubuntu.com/3999-1/ [debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844 https://eprint.iacr.org/2018/747 https://gitlab.com/gnutls/gnutls/merge_requests/657 Common Vulnerability Exposure (CVE) ID: CVE-2018-10845 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845 Common Vulnerability Exposure (CVE) ID: CVE-2018-10846 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846 Common Vulnerability Exposure (CVE) ID: CVE-2019-3829 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3ETBUFBB4G7AITAOUYPGXVMBGVXKUAN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7TJIBRJWGWSH6XIO2MXIQ3W6ES4R6I4/ https://security.gentoo.org/glsa/201904-14 https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27 RedHat Security Advisories: RHSA-2019:3600 https://access.redhat.com/errata/RHSA-2019:3600 SuSE Security Announcement: openSUSE-SU-2019:1353 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2019-3836
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.