Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2019-3600

Опубликовано: 14 нояб. 2019
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2019-3600: gnutls security, bug fix, and enhancement update (MODERATE)

[3.6.8-8]

  • Use fallback random function for RSA blinding in FIPS selftests

[3.6.8-7]

  • Fix deterministic signature creation in selftests

[3.6.8-6]

  • Treat login error more gracefully when enumerating PKCS#11 tokens (#1705478)
  • Use deterministic ECDSA/DSA in FIPS selftests (#1716560)
  • Add gnutls_aead_cipher_{encrypt,decrypt}v2 functions (#1684461)

[3.6.8-5]

  • Avoid UB when encrypting session tickets

[3.6.8-4]

  • Add RNG continuous test under FIPS

[3.6.8-3]

  • Follow-up fix on multiple key updates handling (#1673975)

[3.6.8-2]

  • Run FIPS AES self-tests over overridden algorithms

[3.6.8-1]

  • Update to upstream 3.6.8 release

[3.6.5-4]

  • Fixed FIPS signatures self tests (#1680509)

[3.6.5-3]

  • Fixed CVE-2019-3829 (#1693285)
  • Fixed CVE-2019-3836 (#1693288)
  • Added explicit BuildRequires for nettle-devel >= 3.4.1

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

gnutls

3.6.8-8.el8

gnutls-c++

3.6.8-8.el8

gnutls-dane

3.6.8-8.el8

gnutls-devel

3.6.8-8.el8

gnutls-utils

3.6.8-8.el8

Oracle Linux x86_64

gnutls

3.6.8-8.el8

gnutls-c++

3.6.8-8.el8

gnutls-dane

3.6.8-8.el8

gnutls-devel

3.6.8-8.el8

gnutls-utils

3.6.8-8.el8

Связанные CVE

CVE-2019-3836
CVE-2019-3829

Ссылки на источники

Связанные уязвимости

suse-cvrf логотип

openSUSE-SU-2019:1353-1

suse-cvrf
почти 7 лет назад

Security update for gnutls

suse-cvrf логотип

SUSE-SU-2019:1121-1

suse-cvrf
почти 7 лет назад

Security update for gnutls

ubuntu логотип

CVE-2019-3836

CVSS3: 5.9
ubuntu
почти 7 лет назад

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

redhat логотип

CVE-2019-3836

CVSS3: 5.9
redhat
почти 7 лет назад

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

nvd логотип

CVE-2019-3836

CVSS3: 5.9
nvd
почти 7 лет назад

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.