Showing 1 - 3 of 3

CVE-2018-10846

Status Candidate

Overview

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

Related Files

Ubuntu Security Notice USN-3999-1: Posted May 30, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3999-1 - Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tavis Ormandy discovered that GnuTLS incorrectly handled memory when verifying certain X.509 certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2018-10844, CVE-2018-10845, CVE-2018-10846, CVE-2019-3829, CVE-2019-3836; SHA-256 | b8834a0c4a4415f7835754310e5da31860dabee4b26c193e7e1297853870b1e3; Download | Favorite | View

Red Hat Security Advisory 2018-3505-01: Posted Nov 6, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.; tags | advisory; systems | linux, redhat; advisories | CVE-2015-9262, CVE-2016-9396, CVE-2017-1000050, CVE-2017-18267, CVE-2017-3735, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737, CVE-2018-0739, CVE-2018-1000805, CVE-2018-1060, CVE-2018-1061, CVE-2018-10733, CVE-2018-10767, CVE-2018-10768, CVE-2018-10844, CVE-2018-10845, CVE-2018-10846, CVE-2018-12384, CVE-2018-12910, CVE-2018-13988, CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-16837, CVE-2018-17456; SHA-256 | 5a18fce8ca273b8a62b85b1a2bf4e5b4df4fb5583a3543625bcc53528045ab49; Download | Favorite | View

Red Hat Security Advisory 2018-3050-01: Posted Oct 30, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-3050-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Issues addressed include Lucky Thirteen and other attack mitigations.; tags | advisory, protocol; systems | linux, redhat; advisories | CVE-2018-10844, CVE-2018-10845, CVE-2018-10846; SHA-256 | 38ca5d2776946623c9c54dd29ef704c3ba47f955d8683b28145b1cc9b2ae8fe7; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 52 files
Debian 22 files
LiquidWorm 15 files
Apple 9 files
Gentoo 8 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,166)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,960)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,989)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2018-10846

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems