-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2018-83a8fcf606 2018-10-18 03:01:30.845908 --------------------------------------------------------------------------------
Name : gnutls30 Product : Fedora EPEL 6 Version : 3.5.19 Release : 1.el6 URL : https://www.gnutls.org/ Summary : A TLS protocol implementation Description : GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. -------------------------------------------------------------------------------- Update Information: Updated to 3.5.19 ---- Updated to 3.5.18 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1619524 - CVE-2018-10846 gnutls30: gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1619524 [ 2 ] Bug #1619519 - CVE-2018-10845 gnutls30: gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1619519 [ 3 ] Bug #1619512 - CVE-2018-10844 gnutls30: gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1619512 [ 4 ] Bug #1459797 - CVE-2017-7507 gnutls30: gnutls: Crash upon receiving well-formed status_request extension [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1459797 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update gnutls30' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ epel-package-announce mailing list -- epel-package-announce@lists.fedoraproject.org To unsubscribe send an email to epel-package-announce-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-package-announce@lists.fedoraproject.org