Synopsis:          Moderate: gnutls security, bug fix, and enhancement 
Advisory ID:       SLSA-2018:3050-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2018-10844
                   CVE-2018-10845
                   CVE-2018-10846
--

Security Fix(es):

* gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not
enough dummy function calls (CVE-2018-10844)

* gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of
wrong constant (CVE-2018-10845)

* gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can
lead to plaintext recovery (CVE-2018-10846)
--

SL7
  x86_64
    gnutls-3.3.29-8.el7.i686.rpm
    gnutls-3.3.29-8.el7.x86_64.rpm
    gnutls-dane-3.3.29-8.el7.i686.rpm
    gnutls-dane-3.3.29-8.el7.x86_64.rpm
    gnutls-debuginfo-3.3.29-8.el7.i686.rpm
    gnutls-debuginfo-3.3.29-8.el7.x86_64.rpm
    gnutls-utils-3.3.29-8.el7.x86_64.rpm
    gnutls-c++-3.3.29-8.el7.i686.rpm
    gnutls-c++-3.3.29-8.el7.x86_64.rpm
    gnutls-devel-3.3.29-8.el7.i686.rpm
    gnutls-devel-3.3.29-8.el7.x86_64.rpm

- Scientific Linux Development Team