gnutls-3.3.29-8.el7

Errata ID: AXSA:2019-3543:01

Release date: Friday, February 15, 2019 - 12:27
Subject: gnutls-3.3.29-8.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

The following packages have been upgraded to a later upstream version: gnutls (3.3.29). (BZ#1561481)

Security Fix(es):

* gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844)

* gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845)

* gnutls: "Just in Time" PRIME PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2018-10844
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
CVE-2018-10845
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
CVE-2018-10846
A cache-based side channel was found in the GnuTLS implementation that leads to plaintext recovery in a cross-VM attack setting. An attacker could combine a "Just in Time" Prime probe attack with a Lucky-13 attack to recover plaintext using crafted packets.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. gnutls-3.3.29-8.el7.src.rpm
    MD5: 17e796c0e52eb9c043fd582e16f1aa9e
    SHA-256: ba3c648680c371a9f9b9c1e8f94fa131e1a8e1401477453346bf2ec10ec91a63
    Size: 9.50 MB

Asianux Server 7 for x86_64
  1. gnutls-3.3.29-8.el7.x86_64.rpm
    MD5: 7129fde31d9e689c3c0e2145f822cd47
    SHA-256: c409e8c9f922258e28198ca4dd30e8b5527952d6f5691e9336916ca9bfd9cd6f
    Size: 679.26 kB
  2. gnutls-c++-3.3.29-8.el7.x86_64.rpm
    MD5: aef1a8292ae5580dd9d3fcaccb860da6
    SHA-256: 850bef666b3ea73136e6b3ab8d4523822ee855333fbf73474667d4ffbe8fe393
    Size: 33.45 kB
  3. gnutls-dane-3.3.29-8.el7.x86_64.rpm
    MD5: 364667bb806d4bd47e209b997df91725
    SHA-256: 61c184ea53277d32e163993792a21b5bf2e05e5a212404592177daa45c64dddf
    Size: 34.61 kB
  4. gnutls-devel-3.3.29-8.el7.x86_64.rpm
    MD5: 076bd9a44f0b457b4f3b7fae479e413a
    SHA-256: 486dbc12eb1104fdcde1512205f50d179806f7a8ecb99155d0700d81609fa6bc
    Size: 1.39 MB
  5. gnutls-utils-3.3.29-8.el7.x86_64.rpm
    MD5: b4de2f388480f9d7ac3197dca4ca0485
    SHA-256: fc17400226d33efe54daaac4c8c5d718009b1a8c380f33f57122663d6395f5ef
    Size: 237.29 kB
  6. gnutls-3.3.29-8.el7.i686.rpm
    MD5: a4dd7fc1e05704d36dba59da50a3af80
    SHA-256: 563089f3e8f1bd2075a1c770222cfd305c75c24fdf70be8c57296d7693a5b61b
    Size: 648.32 kB
  7. gnutls-c++-3.3.29-8.el7.i686.rpm
    MD5: 662ccab617dc60003c84e12b5782916a
    SHA-256: 5063be52e2f584f07afa1fd4edc0f40953aa86e1ba87dcdcfdac44083efc1e11
    Size: 34.04 kB
  8. gnutls-dane-3.3.29-8.el7.i686.rpm
    MD5: 80b8d79439981e064a28401d608d3467
    SHA-256: 527a14bc55d5ef67ad4fbcee9263cf47fdf0794a114b9d5f41d91bef541fcf04
    Size: 34.55 kB
  9. gnutls-devel-3.3.29-8.el7.i686.rpm
    MD5: 37f3bfc0907d69f068ae03ff7990b516
    SHA-256: b795cc5c1876117ad17ca43c3c9890482538ac9723145115dc0899a365788c01
    Size: 1.39 MB