Описание
Security update for gnutls
This update for gnutls fixes the following issues:
Security issues fixed:
- CVE-2018-10846: Improve mitigations against Lucky 13 class of attacks (PRIME + PROBE) (bsc#1105460).
- CVE-2017-10790: Fixed a denial of service in the _asn1_check_identifier() function (bsc#1047002).
Список пакетов
SUSE Linux Enterprise High Availability Extension 11 SP4
libgnutls-extra26-2.4.1-24.39.76.1
Ссылки
- Link for SUSE-SU-2019:14058-1
- E-Mail link for SUSE-SU-2019:14058-1
- SUSE Security Ratings
- SUSE Bug 1047002
- SUSE Bug 1105460
- SUSE CVE CVE-2017-10790 page
- SUSE CVE CVE-2018-10846 page
Описание
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.76.1
Ссылки
- CVE-2017-10790
- SUSE Bug 1047002
- SUSE Bug 1047453
Описание
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 11 SP4:libgnutls-extra26-2.4.1-24.39.76.1
Ссылки
- CVE-2018-10846
- SUSE Bug 1105460