|Category:||SuSE Local Security Checks|
|Title:||SuSE Update for gnutls openSUSE-SU-2018:2854-1 (gnutls)|
|Summary:||The remote host is missing an update for the 'gnutls'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'gnutls'
package(s) announced via the referenced advisory.
This update for gnutls fixes the following issues:
Security issues fixed:
- Improved mitigations against Lucky 13 class of attacks
- CVE-2018-10846:'Just in Time' PRIME + PROBE cache-based side channel
attack can lead to plaintext recovery (bsc#1105460)
- CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to
of wrong constant (bsc#1105459)
- CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to
not enough dummy function calls (bsc#1105437)
- CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a
NULL pointer dereference and crash (bsc#1047002)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
To install this openSUSE Security Update use the SUSE recommended
like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1049=1
gnutls on openSUSE Leap 42.3
Please install the updated packages.
Common Vulnerability Exposure (CVE) ID: CVE-2017-10790|
Common Vulnerability Exposure (CVE) ID: CVE-2018-10844
Common Vulnerability Exposure (CVE) ID: CVE-2018-10845
Common Vulnerability Exposure (CVE) ID: CVE-2018-10846
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.