exploitDog

CVE-2021-39359

Published: 22 Aug 2021
Source: debian

Description

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Packages

Package | Status | Fixed version | Release | Type
libgda5 | fixed | 5.2.10-5 | | package

Notes

  • https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/

  • https://gitlab.gnome.org/GNOME/libgda/-/issues/249

  • Fixed by: https://gitlab.gnome.org/GNOME/libgda/-/commit/bebdffb4de586fb43fd07ac549121f4b22f6812d (master)

  • Debian builds with --without-libsoup, which disabled the web functionality using libsoup entirely

Related vulnerabilities

CVSS3: 5.9
ubuntu
more than 4 years ago

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVSS3: 5.9
nvd
more than 4 years ago

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

suse-cvrf
more than 3 years ago

Security update for libgda

CVSS3: 5.9
github
more than 3 years ago

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.