ELSA-2021-1609

Published: May 25, 2021
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2021-1609: p11-kit security, bug fix, and enhancement update (MODERATE)

[0.23.22-1]

  • Rebase to 0.23.22 to fix memory safety issues (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363)
  • Preserve DT_NEEDED information from the previous version, flagged by rpmdiff
  • Add xsltproc to BR

[0.23.21-4]

  • Fix realloc usage on proxy cleanup (#1894979)
  • Make 'trust anchor --store' preserve all attributes from .p11-kit files

[0.23.21-3]

  • Restore clobbered changelog entry

[0.23.21-2]

  • Update p11-kit-invalid-config.patch to be more thorough (thanks to Alexander Sosedkin)

[0.23.21-1]

  • Update to upstream 0.23.21 release

Updated packages

Oracle Linux 8

Oracle Linux aarch64

p11-kit

0.23.22-1.el8

p11-kit-devel

0.23.22-1.el8

p11-kit-server

0.23.22-1.el8

p11-kit-trust

0.23.22-1.el8

Oracle Linux x86_64

p11-kit

0.23.22-1.el8

p11-kit-devel

0.23.22-1.el8

p11-kit-server

0.23.22-1.el8

p11-kit-trust

0.23.22-1.el8

Related vulnerabilities

rocky
about 4 years ago

Moderate: p11-kit security, bug fix, and enhancement update

CVSS3: 5.3
ubuntu
more than 4 years ago

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

CVSS3: 5.3
redhat
more than 4 years ago

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

CVSS3: 5.3
nvd
more than 4 years ago

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

CVSS3: 5.3
msrc
more than 4 years ago

No description available