Stay Connected:

ELSA-2019-3600

ELSA-2019-3600 - gnutls security, bug fix, and enhancement update

Type:SECURITY
Impact:MODERATE
Release Date:2019-11-14

Description


[3.6.8-8]
- Use fallback random function for RSA blinding in FIPS selftests

[3.6.8-7]
- Fix deterministic signature creation in selftests

[3.6.8-6]
- Treat login error more gracefully when enumerating PKCS#11 tokens (#1705478)
- Use deterministic ECDSA/DSA in FIPS selftests (#1716560)
- Add gnutls_aead_cipher_{encrypt,decrypt}v2 functions (#1684461)

[3.6.8-5]
- Avoid UB when encrypting session tickets

[3.6.8-4]
- Add RNG continuous test under FIPS

[3.6.8-3]
- Follow-up fix on multiple key updates handling (#1673975)

[3.6.8-2]
- Run FIPS AES self-tests over overridden algorithms

[3.6.8-1]
- Update to upstream 3.6.8 release

[3.6.5-4]
- Fixed FIPS signatures self tests (#1680509)

[3.6.5-3]
- Fixed CVE-2019-3829 (#1693285)
- Fixed CVE-2019-3836 (#1693288)
- Added explicit BuildRequires for nettle-devel >= 3.4.1


Related CVEs


CVE-2019-3836
CVE-2019-3829

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) gnutls-3.6.8-8.el8.src.rpmd6c6d57d9770ccf6c387d76d958cd44938124aec9b0d9eb4dbd3e7598dbc6506-ol8_aarch64_appstream
gnutls-3.6.8-8.el8.src.rpmd6c6d57d9770ccf6c387d76d958cd44938124aec9b0d9eb4dbd3e7598dbc6506-ol8_aarch64_baseos_latest
gnutls-3.6.8-8.el8.aarch64.rpm7d75660307ca9b8323af608aa8b756841ad8ef4aa3d30555bc229394125fb392-ol8_aarch64_baseos_latest
gnutls-c++-3.6.8-8.el8.aarch64.rpm694aa121bc57e1ac45a3528f1a4c70b759c26c83f036a7c261dcdc3f30f5955f-ol8_aarch64_appstream
gnutls-dane-3.6.8-8.el8.aarch64.rpmc62857741ca764d148a582a3488e36d57039659a1ae2dcc835e12f193dc51dad-ol8_aarch64_appstream
gnutls-devel-3.6.8-8.el8.aarch64.rpm7979f969ab2fcf098b6b09dca5cc5a906fad24e453d3925427eb9c5e1628315d-ol8_aarch64_appstream
gnutls-utils-3.6.8-8.el8.aarch64.rpm648b385cfdd194e543d11653599ad98417ded1b131af549e1aeb0b0b1c8dc319-ol8_aarch64_appstream
Oracle Linux 8 (x86_64) gnutls-3.6.8-8.el8.src.rpmd6c6d57d9770ccf6c387d76d958cd44938124aec9b0d9eb4dbd3e7598dbc6506-ol8_x86_64_appstream
gnutls-3.6.8-8.el8.src.rpmd6c6d57d9770ccf6c387d76d958cd44938124aec9b0d9eb4dbd3e7598dbc6506-ol8_x86_64_baseos_latest
gnutls-3.6.8-8.el8.src.rpmd6c6d57d9770ccf6c387d76d958cd44938124aec9b0d9eb4dbd3e7598dbc6506-ol8_x86_64_u1_baseos_base
gnutls-3.6.8-8.el8.i686.rpmd18a2551619ff370003df303a3ca3bcffa55766a409bdc2f3619ab471bce6d0c-ol8_x86_64_baseos_latest
gnutls-3.6.8-8.el8.i686.rpmd18a2551619ff370003df303a3ca3bcffa55766a409bdc2f3619ab471bce6d0c-ol8_x86_64_u1_baseos_base
gnutls-3.6.8-8.el8.x86_64.rpm0256a82a76d43eda81c55dc084e5448cc52ed15118445e7bab11acc0dc5fa391-ol8_x86_64_baseos_latest
gnutls-3.6.8-8.el8.x86_64.rpm0256a82a76d43eda81c55dc084e5448cc52ed15118445e7bab11acc0dc5fa391-ol8_x86_64_u1_baseos_base
gnutls-c++-3.6.8-8.el8.i686.rpm465f255334f54df6c47e0b6afe6e6e759f308bd882ea97658dd7cb88b87cec6e-ol8_x86_64_appstream
gnutls-c++-3.6.8-8.el8.x86_64.rpm93e5e8e51e785f2eeae8471421b9305a6e5c465cf420f8a0fbb58b4f5a6053b2-ol8_x86_64_appstream
gnutls-dane-3.6.8-8.el8.i686.rpm0ac8429ec3e8ec880f6e77edc5bf87d522f839430404d648e286d14c549416e3-ol8_x86_64_appstream
gnutls-dane-3.6.8-8.el8.x86_64.rpm0cf9fec53ccb2a9930a2eab1563889a5c806529ef5aa902921dd71f6d779779f-ol8_x86_64_appstream
gnutls-devel-3.6.8-8.el8.i686.rpm0b8780b3942b5b88f67007fae1fcaea10d16038f42996dcbaa5e68e9ca4dd342-ol8_x86_64_appstream
gnutls-devel-3.6.8-8.el8.x86_64.rpm15c80a53f828d44d48baeaa92b97005cc73ed0a74900744d783794a619232633-ol8_x86_64_appstream
gnutls-utils-3.6.8-8.el8.x86_64.rpm72b899f420a43df389e3e0848fdeb38b67f3b5df5687357d1b3a5c1416f42109-ol8_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights