|
|
Subscribe / Log in / New account

Oracle alert ELSA-2018-3050 (gnutls)



From:
              Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
              el-errata@oss.oracle.com 


Subject:
              [El-errata] ELSA-2018-3050 Moderate: Oracle Linux 7 gnutls security, bug fix, and enhancement update 


Date:
              Tue, 6 Nov 2018 15:05:22 -0800


Message-ID:
              <6f4a25c2-9e01-fdc1-05bc-2b5de418bc7c@oracle.com>


Oracle Linux Security Advisory ELSA-2018-3050

http://linux.oracle.com/errata/ELSA-2018-3050.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
gnutls-3.3.29-8.0.1.el7.i686.rpm
gnutls-3.3.29-8.0.1.el7.x86_64.rpm
gnutls-c++-3.3.29-8.0.1.el7.i686.rpm
gnutls-c++-3.3.29-8.0.1.el7.x86_64.rpm
gnutls-dane-3.3.29-8.0.1.el7.i686.rpm
gnutls-dane-3.3.29-8.0.1.el7.x86_64.rpm
gnutls-devel-3.3.29-8.0.1.el7.i686.rpm
gnutls-devel-3.3.29-8.0.1.el7.x86_64.rpm
gnutls-utils-3.3.29-8.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/gnutls-3.3.29-8.0...



Description of changes:

[3.3.29-8.0.1]
- Include ECDSA KAT into selftests for FIPS140-2 compliance [Orabug 
27484156]

[3.3.29-8]
- Backported --sni-hostname option which allows overriding the hostname
   advertised to the peer (#1444792)
- Improved counter-measures in TLS CBC record padding for lucky13 attack
   (CVE-2018-10844, #1589704, CVE-2018-10845, #1589707)
- Added counter-measures for "Just in Time" PRIME + PROBE cache-based attack
   (CVE-2018-10846, #1589708)
- Address p11tool issue in object deletion in batch mode (#1375307)
- Backport PKCS#11 tests from master branch. Some tests were disabled due to
   unsupported features in 3.3.x (--load-pubkey and --test-sign options, 
ECC key
   generation without login, and certificates do not inherit ID from the 
private
   key)
- p11tool explicitly marks certificates and public keys as NOT private 
objects
   and private keys as private objects
- Enlarge buffer size to support resumption with large keys (#1542461)
- Legacy HMAC-SHA384 cipher suites were disabled by default
- Added DSA key generation to p11tool (#1464896)
- Address session renegotiation issue using client certificate (#1434091)
- Address issue when importing private keys into Atos HSM (#1460125)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds