Synopsis: Moderate: gnutls security, bug fix, and enhancement Advisory ID: SLSA-2018:3050-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 -- Security Fix(es): * gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) * gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845) * gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846) -- SL7 x86_64 gnutls-3.3.29-8.el7.i686.rpm gnutls-3.3.29-8.el7.x86_64.rpm gnutls-dane-3.3.29-8.el7.i686.rpm gnutls-dane-3.3.29-8.el7.x86_64.rpm gnutls-debuginfo-3.3.29-8.el7.i686.rpm gnutls-debuginfo-3.3.29-8.el7.x86_64.rpm gnutls-utils-3.3.29-8.el7.x86_64.rpm gnutls-c++-3.3.29-8.el7.i686.rpm gnutls-c++-3.3.29-8.el7.x86_64.rpm gnutls-devel-3.3.29-8.el7.i686.rpm gnutls-devel-3.3.29-8.el7.x86_64.rpm - Scientific Linux Development Team