|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2018:2930-1)|
|Summary:||The remote host is missing an update for the 'gnutls' package(s) announced via the SUSE-SU-2018:2930-1 advisory.|
The remote host is missing an update for the 'gnutls' package(s) announced via the SUSE-SU-2018:2930-1 advisory.
This update for gnutls fixes the following security issues:
Improved mitigations against Lucky 13 class of attacks
CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel
attack can lead to plaintext recovery (bsc#1105460)
CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to
of wrong constant (bsc#1105459)
CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to
not enough dummy function calls (bsc#1105437)
CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a
NULL pointer dereference and crash (bsc#1047002)
'gnutls' package(s) on SUSE Linux Enterprise Module for Desktop Applications 15, SUSE Linux Enterprise Module for Basesystem 15
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2017-10790|
Common Vulnerability Exposure (CVE) ID: CVE-2018-10844
Common Vulnerability Exposure (CVE) ID: CVE-2018-10845
Common Vulnerability Exposure (CVE) ID: CVE-2018-10846
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.