It was found that GnuTLS implementation of HMAC-SHA-384 was vulnerable to Lucky thirteen style attack due to use of wrong constant appropriate to hash functions that encode the length field.
External References: https://eprint.iacr.org/2018/747
Created gnutls tracking bugs for this issue: Affects: fedora-all [bug 1619517] Created gnutls30 tracking bugs for this issue: Affects: epel-all [bug 1619519] Created mingw-gnutls tracking bugs for this issue: Affects: epel-all [bug 1619520] Affects: fedora-all [bug 1619518]
Upstream patch: https://gitlab.com/gnutls/gnutls/merge_requests/657
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3050 https://access.redhat.com/errata/RHSA-2018:3050