ELSA-2020-5483

Published: 21 Dec 2020
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2020-5483: gnutls security and bug fix update (MODERATE)

[3.6.14-7]

  • Increase DH key bits to >= 2048 in self-tests (#1879506)
  • Implement self-tests for KDF and CMAC (#1890870)
  • Fix CVE-2020-24659: heap buffer-overflow when 'no_renegotiation' alert is received (#1873959)

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • gnutls 3.6.14-7.el8_3
  • gnutls-c++ 3.6.14-7.el8_3
  • gnutls-dane 3.6.14-7.el8_3
  • gnutls-devel 3.6.14-7.el8_3
  • gnutls-utils 3.6.14-7.el8_3

Oracle Linux x86_64

  • gnutls 3.6.14-7.el8_3
  • gnutls-c++ 3.6.14-7.el8_3
  • gnutls-dane 3.6.14-7.el8_3
  • gnutls-devel 3.6.14-7.el8_3
  • gnutls-utils 3.6.14-7.el8_3

Related CVEs

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 5 years ago

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

CVSS3: 7.5
redhat
more than 5 years ago

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

CVSS3: 7.5
nvd
more than 5 years ago

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

CVSS3: 7.5
msrc
more than 5 years ago

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing and then an invalid second handshake occurs. The crash happens in the application's error handling path where the gnutls_deinit function is called after detecting a handshake failure.

CVSS3: 7.5
debian
more than 5 years ago

An issue was discovered in GnuTLS before 3.6.15. A server can trigger ...