rpm package
suse/gnutls&distro=SUSE Linux Enterprise Module for Desktop Applications 15
pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-3880 | — | < 3.6.2-6.5.4 | 3.6.2-6.5.4 | Apr 9, 2019 | A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba sh | ||
| CVE-2019-3836 | — | < 3.6.7-6.8.1 | 3.6.7-6.8.1 | Apr 1, 2019 | It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. | ||
| CVE-2019-3829 | — | < 3.6.7-6.8.1 | 3.6.7-6.8.1 | Mar 27, 2019 | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. | ||
| CVE-2018-16868 | — | < 3.6.7-6.8.1 | 3.6.7-6.8.1 | Dec 3, 2018 | A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in som | ||
| CVE-2018-10846 | — | < 3.6.2-6.3.1 | 3.6.2-6.3.1 | Aug 22, 2018 | A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. | ||
| CVE-2018-10845 | — | < 3.6.2-6.3.1 | 3.6.2-6.3.1 | Aug 22, 2018 | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. | ||
| CVE-2018-10844 | — | < 3.6.2-6.3.1 | 3.6.2-6.3.1 | Aug 22, 2018 | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. | ||
| CVE-2017-10790 | Hig | 7.5 | < 3.6.2-6.3.1 | 3.6.2-6.3.1 | Jul 2, 2017 | The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. |
- CVE-2019-3880Apr 9, 2019affected < 3.6.2-6.5.4fixed 3.6.2-6.5.4
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba sh
- CVE-2019-3836Apr 1, 2019affected < 3.6.7-6.8.1fixed 3.6.7-6.8.1
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
- CVE-2019-3829Mar 27, 2019affected < 3.6.7-6.8.1fixed 3.6.7-6.8.1
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
- CVE-2018-16868Dec 3, 2018affected < 3.6.7-6.8.1fixed 3.6.7-6.8.1
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in som
- CVE-2018-10846Aug 22, 2018affected < 3.6.2-6.3.1fixed 3.6.2-6.3.1
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.
- CVE-2018-10845Aug 22, 2018affected < 3.6.2-6.3.1fixed 3.6.2-6.3.1
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
- CVE-2018-10844Aug 22, 2018affected < 3.6.2-6.3.1fixed 3.6.2-6.3.1
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
- affected < 3.6.2-6.3.1fixed 3.6.2-6.3.1
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.