rpm package
opensuse/gnutls&distro=openSUSE Leap 15.0
pkg:rpm/opensuse/gnutls&distro=openSUSE%20Leap%2015.0
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-3836 | — | < 3.6.7-lp150.9.1 | 3.6.7-lp150.9.1 | Apr 1, 2019 | It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. | ||
| CVE-2019-3829 | — | < 3.6.7-lp150.9.1 | 3.6.7-lp150.9.1 | Mar 27, 2019 | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. | ||
| CVE-2018-16868 | — | < 3.6.7-lp150.9.1 | 3.6.7-lp150.9.1 | Dec 3, 2018 | A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in som |
- CVE-2019-3836Apr 1, 2019affected < 3.6.7-lp150.9.1fixed 3.6.7-lp150.9.1
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
- CVE-2019-3829Mar 27, 2019affected < 3.6.7-lp150.9.1fixed 3.6.7-lp150.9.1
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
- CVE-2018-16868Dec 3, 2018affected < 3.6.7-lp150.9.1fixed 3.6.7-lp150.9.1
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in som