Fedora 28 : gnutls (2019-24dc022a51)

Security fix for CVE-2018-16868 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...

Fedora Update for gnutls FEDORA-2019-24dc022a51

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1005)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls CVE-2018-10844 Note that Tenable Network Security h...

Fedora 29 : gnutls (2018-79f7540a1e)

Update to upstream 3.6.5 release - Security fix for CVE-2018-16868 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2018:2930-1)

This update for gnutls fixes the following security issues : Improved mitigations against Lucky 13 class of attacks CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen atta...

EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2018-1444)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls CVE-2018-10844 Note that Tenable Network Security h...

[SECURITY] Fedora 29 Update: gnutls-3.6.5-1.fc29

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, OpenPGP and...

Security Bulletin: Vulnerabilities in GnuTLS affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in GnuTLS. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-10846 DESCRIPTION: GnuTLS could allow a local authenticated attacker to obtain sensitive information, caused by a cache-based side channel issue. By using ...

CentOS 7 : gnutls (CESA-2018:3050)

An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

gnutls security update

CentOS Errata and Security Advisory CESA-2018:3050 An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Amazon Linux 2 : gnutls (ALAS-2018-1120)

It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.CVE-2018-10844 It was foun...

[slackware-security] gnutls

New gnutls packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/gnutls-3.6.5-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: Bleichenbacher-like side channel leakage in PKCS1 1.5...

Medium: gnutls

Issue Overview: It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted...

Slackware 14.2 / current : gnutls (SSA:2018-339-01)

New gnutls packages are available for Slackware 14.2 and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-339-01. The text itself is copyright C Slackware Linux, Inc...

GnuTLS Information Disclosure Vulnerability

GnuTLS is a free secure communications library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in the method of handling the validation of RSA decrypted data PKCS1 v1.5 version in GnuTLS. An attacker could exploit this vulnerability to extract plaintext information o...

UBUNTU-CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

DEBIAN-CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

Cross site scripting

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...