{"affected":[{"ecosystem_specific":{"binaries":[{"gnutls":"3.7.3-150400.8.1","libgnutls30":"3.7.3-150400.8.1","libgnutls30-hmac":"3.7.3-150400.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.3","name":"gnutls","purl":"pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.7.3-150400.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for gnutls fixes the following issues:\n\n- CVE-2024-28835: Fixed a certtool crash when verifying a certificate\n  chain (bsc#1221747).\n- CVE-2024-28834: Fixed a side-channel attack in the deterministic\n  ECDSA (bsc#1221746).\n\nOther fixes:\n\n- Fixed a memory leak when using the entropy collector (bsc#1221242).\n","id":"SUSE-SU-2024:2546-1","modified":"2024-07-17T12:44:32Z","published":"2024-07-17T12:44:32Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20242546-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221242"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221746"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221747"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-28834"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-28835"}],"related":["CVE-2024-28834","CVE-2024-28835"],"summary":"Security update for gnutls","upstream":["CVE-2024-28834","CVE-2024-28835"]}