SUSE-SU-2020:1584-1

Опубликовано: 09 июн. 2020

Источник: suse-cvrf

Описание

Security update for gnutls

This update for gnutls fixes the following issues:

CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506).
Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461).

Список пакетов

Container caasp/v4/389-ds:1.4.2

libgnutls30-3.6.7-6.29.1

Container caasp/v4/busybox:1.34.1

libgnutls30-3.6.7-6.29.1

Container caasp/v4/caasp-dex:2.16.0

libgnutls30-3.6.7-6.29.1

Container caasp/v4/cert-exporter:2.3.0

libgnutls30-3.6.7-6.29.1

Container caasp/v4/cilium-etcd-operator:2.0.5

libgnutls30-3.6.7-6.29.1

Container caasp/v4/cilium-init:1.5.3

libgnutls30-3.6.7-6.29.1

Container caasp/v4/cilium-operator:1.6.6

libgnutls30-3.6.7-6.29.1

Container caasp/v4/cilium:1.6.6

libgnutls30-3.6.7-6.29.1

Container caasp/v4/cloud-provider-openstack:1.15.0

libgnutls30-3.6.7-6.29.1

Container caasp/v4/configmap-reload:0.3.0

libgnutls30-3.6.7-6.29.1

Container caasp/v4/coredns:1.6.7

libgnutls30-3.6.7-6.29.1

Container caasp/v4/curl:7.60.0

libgnutls30-3.6.7-6.29.1

Container caasp/v4/etcd:3.4.13

libgnutls30-3.6.7-6.29.1

Container caasp/v4/gangway:3.1.0

libgnutls30-3.6.7-6.29.1

Container caasp/v4/grafana:7.5.12

libgnutls30-3.6.7-6.29.1

Container caasp/v4/helm-tiller:2.16.12

libgnutls30-3.6.7-6.29.1

Container caasp/v4/hyperkube:v1.17.17

libgnutls30-3.6.7-6.29.1

Container caasp/v4/k8s-sidecar:0.1.75

libgnutls30-3.6.7-6.29.1

Container caasp/v4/kube-state-metrics:1.9.3

libgnutls30-3.6.7-6.29.1

Container caasp/v4/kubernetes-client:1.17.17

libgnutls30-3.6.7-6.29.1

Container caasp/v4/kucero:1.3.0

libgnutls30-3.6.7-6.29.1

Container caasp/v4/kured:1.3.0

libgnutls30-3.6.7-6.29.1

Container caasp/v4/metrics-server:0.3.6

libgnutls30-3.6.7-6.29.1

Container caasp/v4/prometheus-alertmanager:0.16.2

libgnutls30-3.6.7-6.29.1

Container caasp/v4/prometheus-node-exporter:1.1.2

libgnutls30-3.6.7-6.29.1

Container caasp/v4/prometheus-pushgateway:0.6.0

libgnutls30-3.6.7-6.29.1

Container caasp/v4/prometheus-server:2.7.1

libgnutls30-3.6.7-6.29.1

Container caasp/v4/rsyslog:8.39.0

libgnutls30-3.6.7-6.29.1

Container caasp/v4/skuba-tooling:0.1.0

libgnutls30-3.6.7-6.29.1

Container caasp/v4/test-update:beta

libgnutls30-3.6.7-6.29.1

Container caasp/v4/velero-plugin-for-aws:1.0.1

libgnutls30-3.6.7-6.29.1

Container caasp/v4/velero-plugin-for-gcp:1.0.1

libgnutls30-3.6.7-6.29.1

Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1

libgnutls30-3.6.7-6.29.1

Container caasp/v4/velero-restic-restore-helper:1.3.1

libgnutls30-3.6.7-6.29.1

Container caasp/v4/velero:1.3.1

libgnutls30-3.6.7-6.29.1

Container ses/6/cephcsi/cephcsi:latest

libgnutls30-3.6.7-6.29.1

Container ses/6/rook/ceph:latest

libgnutls30-3.6.7-6.29.1

Container suse/sle15:15.0

libgnutls30-3.6.7-6.29.1

Container suse/sle15:15.1

libgnutls30-3.6.7-6.29.1

Image SLES15-Azure-BYOS

libgnutls30-3.6.7-6.29.1

Image SLES15-EC2-CHOST-HVM-BYOS

libgnutls30-3.6.7-6.29.1

Image SLES15-EC2-HVM-BYOS

libgnutls30-3.6.7-6.29.1

Image SLES15-GCE-BYOS

libgnutls30-3.6.7-6.29.1

Image SLES15-OCI-BYOS

libgnutls30-3.6.7-6.29.1

Image SLES15-SAP-Azure

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SAP-Azure-BYOS

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SAP-Azure-LI-BYOS-Production

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

libgnutls30-3.6.7-6.29.1

Image SLES15-SAP-EC2-HVM

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SAP-EC2-HVM-BYOS

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SAP-GCE

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SAP-GCE-BYOS

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SAP-OCI-BYOS

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-Azure-BYOS

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-Azure-HPC-BYOS

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-CAP-Deployment-BYOS-GCE

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-CHOST-BYOS-Azure

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-CHOST-BYOS-EC2

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-CHOST-BYOS-GCE

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-EC2-HPC-HVM-BYOS

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-EC2-HVM-BYOS

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-GCE-BYOS

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-OCI-BYOS

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-SAP-Azure

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-SAP-Azure-BYOS

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-SAP-EC2-HVM

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-SAP-GCE

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-SAP-GCE-BYOS

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-SAP-OCI-BYOS

gnutls-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

Image SLES15-SP1-SAPCAL-Azure

libgnutls30-3.6.7-6.29.1

libgnutls30-32bit-3.6.7-6.29.1

Image SLES15-SP1-SAPCAL-EC2-HVM

libgnutls30-3.6.7-6.29.1

libgnutls30-32bit-3.6.7-6.29.1

Image SLES15-SP1-SAPCAL-GCE

libgnutls30-3.6.7-6.29.1

libgnutls30-32bit-3.6.7-6.29.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

gnutls-3.6.7-6.29.1

libgnutls-devel-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

libgnutls30-32bit-3.6.7-6.29.1

libgnutls30-hmac-3.6.7-6.29.1

libgnutls30-hmac-32bit-3.6.7-6.29.1

libgnutlsxx-devel-3.6.7-6.29.1

libgnutlsxx28-3.6.7-6.29.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

gnutls-3.6.7-6.29.1

libgnutls-devel-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

libgnutls30-32bit-3.6.7-6.29.1

libgnutls30-hmac-3.6.7-6.29.1

libgnutls30-hmac-32bit-3.6.7-6.29.1

libgnutlsxx-devel-3.6.7-6.29.1

libgnutlsxx28-3.6.7-6.29.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

gnutls-3.6.7-6.29.1

libgnutls-devel-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

libgnutls30-32bit-3.6.7-6.29.1

libgnutls30-hmac-3.6.7-6.29.1

libgnutls30-hmac-32bit-3.6.7-6.29.1

libgnutlsxx-devel-3.6.7-6.29.1

libgnutlsxx28-3.6.7-6.29.1

SUSE Linux Enterprise Server 15-LTSS

gnutls-3.6.7-6.29.1

libgnutls-devel-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

libgnutls30-32bit-3.6.7-6.29.1

libgnutls30-hmac-3.6.7-6.29.1

libgnutls30-hmac-32bit-3.6.7-6.29.1

libgnutlsxx-devel-3.6.7-6.29.1

libgnutlsxx28-3.6.7-6.29.1

SUSE Linux Enterprise Server for SAP Applications 15

gnutls-3.6.7-6.29.1

libgnutls-devel-3.6.7-6.29.1

libgnutls30-3.6.7-6.29.1

libgnutls30-32bit-3.6.7-6.29.1

libgnutls30-hmac-3.6.7-6.29.1

libgnutls30-hmac-32bit-3.6.7-6.29.1

libgnutlsxx-devel-3.6.7-6.29.1

libgnutlsxx28-3.6.7-6.29.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201584-1/
Link for SUSE-SU-2020:1584-1
https://lists.suse.com/pipermail/sle-security-updates/2020-June/006910.html
E-Mail link for SUSE-SU-2020:1584-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1172461
SUSE Bug 1172461
https://bugzilla.suse.com/1172506
SUSE Bug 1172506
https://www.suse.com/security/cve/CVE-2020-13777/
SUSE CVE CVE-2020-13777 page

Описание

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.

Затронутые продукты

Container caasp/v4/389-ds:1.4.2:libgnutls30-3.6.7-6.29.1

Container caasp/v4/busybox:1.34.1:libgnutls30-3.6.7-6.29.1

Container caasp/v4/caasp-dex:2.16.0:libgnutls30-3.6.7-6.29.1

Container caasp/v4/cert-exporter:2.3.0:libgnutls30-3.6.7-6.29.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-13777.html
CVE-2020-13777
https://bugzilla.suse.com/1172461
SUSE Bug 1172461
https://bugzilla.suse.com/1172506
SUSE Bug 1172506