gnutls (SL7)

Synopsis: Moderate: gnutls security, bug fix, and enhancement
Advisory ID: SLSA-2018:3050-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-10844
CVE-2018-10845
CVE-2018-10846
—

Security Fix(es):

* gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not
enough dummy function calls (CVE-2018-10844)

* gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of
wrong constant (CVE-2018-10845)

* gnutls: “Just in Time” PRIME + PROBE cache-based side channel attack can
lead to plaintext recovery (CVE-2018-10846)
—

SL7
x86_64
gnutls-3.3.29-8.el7.i686.rpm
gnutls-3.3.29-8.el7.x86_64.rpm
gnutls-dane-3.3.29-8.el7.i686.rpm
gnutls-dane-3.3.29-8.el7.x86_64.rpm
gnutls-debuginfo-3.3.29-8.el7.i686.rpm
gnutls-debuginfo-3.3.29-8.el7.x86_64.rpm
gnutls-utils-3.3.29-8.el7.x86_64.rpm
gnutls-c++-3.3.29-8.el7.i686.rpm
gnutls-c++-3.3.29-8.el7.x86_64.rpm
gnutls-devel-3.3.29-8.el7.i686.rpm
gnutls-devel-3.3.29-8.el7.x86_64.rpm

– Scientific Linux Development Team