SUSE-SU-2020:2864-1

Опубликовано: 06 окт. 2020

Источник: suse-cvrf

Описание

Security update for gnutls

This update for gnutls fixes the following issues:

Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181)
FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086)
FIPS: Use 2048 bit prime in DH selftest (bsc#1176086)
FIPS: Add TLS KDF selftest (bsc#1176671)

Список пакетов

Container ses/7/ceph/ceph:latest

libgnutls30-3.6.7-14.4.1

Container ses/7/ceph/grafana:latest

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/ceph/prometheus-alertmanager:latest

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/ceph/prometheus-node-exporter:latest

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/ceph/prometheus-server:latest

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/cephcsi/cephcsi:latest

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/cephcsi/csi-attacher:v2.1.0

libgnutls30-3.6.7-14.4.1

Container ses/7/cephcsi/csi-attacher:v3.3.0

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/cephcsi/csi-livenessprobe:v1.1.0

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/cephcsi/csi-node-driver-registrar:v1.2.0

libgnutls30-3.6.7-14.4.1

Container ses/7/cephcsi/csi-node-driver-registrar:v2.3.0

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/cephcsi/csi-provisioner:v1.6.0

libgnutls30-3.6.7-14.4.1

Container ses/7/cephcsi/csi-provisioner:v3.0.0

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/cephcsi/csi-resizer:v0.4.0

libgnutls30-3.6.7-14.4.1

Container ses/7/cephcsi/csi-resizer:v1.3.0

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/cephcsi/csi-snapshotter:v2.1.0

libgnutls30-3.6.7-14.4.1

Container ses/7/cephcsi/csi-snapshotter:v2.1.1

libgnutls30-3.6.7-14.4.1

Container ses/7/cephcsi/csi-snapshotter:v4.2.0

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/prometheus-webhook-snmp:latest

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/rook/ceph:latest

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container suse/sle-micro/5.0/toolbox:latest

libgnutls30-3.6.7-14.4.1

Container suse/sle15:15.2

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container suse/sles/15.2/virt-handler:0.38.1

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

Container suse/sles/15.2/virt-launcher:0.38.1

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

Container suse/sles/15.3/cdi-importer:1.37.1

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container suse/sles/15.3/cdi-uploadserver:1.37.1

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container suse/sles/15.3/libguestfs-tools:0.45.0

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container suse/sles/15.3/virt-handler:0.45.0

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Container suse/sles/15.3/virt-launcher:0.45.0

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

Image SLES15-SP2-Azure-Basic

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-Azure-Standard

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-BYOS-EC2-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-CAP-Deployment-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-CHOST-BYOS-Aliyun

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-CHOST-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-CHOST-BYOS-EC2

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-CHOST-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-EC2-ECS-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-EC2-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-HPC-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-HPC-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-SAP-Azure

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-SAP-BYOS-Azure

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-SAP-BYOS-GCE

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-SAP-EC2-HVM

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

Image SLES15-SP2-SAP-GCE

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-BYOS-EC2-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-CHOST-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-CHOST-BYOS-EC2

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-CHOST-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-EC2-ECS-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-EC2-HVM

libgnutls30-3.6.7-14.4.1

libgnutls30-32bit-3.6.7-14.4.1

Image SLES15-SP3-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-HPC-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-HPC-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-HPC-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-Micro-BYOS-GCE

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-SAP-Azure

libgnutls30-3.6.7-14.4.1

libgnutls30-32bit-3.6.7-14.4.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-SAP-BYOS-Azure

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-SAP-BYOS-GCE

gnutls-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

Image SLES15-SP3-SAP-EC2-HVM

libgnutls30-3.6.7-14.4.1

libgnutls30-32bit-3.6.7-14.4.1

Image SLES15-SP3-SAP-GCE

libgnutls30-3.6.7-14.4.1

libgnutls30-32bit-3.6.7-14.4.1

Image SLES15-SP3-SAPCAL-Azure

libgnutls30-3.6.7-14.4.1

libgnutls30-32bit-3.6.7-14.4.1

Image SLES15-SP3-SAPCAL-EC2-HVM

libgnutls30-3.6.7-14.4.1

libgnutls30-32bit-3.6.7-14.4.1

Image SLES15-SP3-SAPCAL-GCE

libgnutls30-3.6.7-14.4.1

libgnutls30-32bit-3.6.7-14.4.1

SUSE Linux Enterprise Module for Basesystem 15 SP2

gnutls-3.6.7-14.4.1

libgnutls-devel-3.6.7-14.4.1

libgnutls30-3.6.7-14.4.1

libgnutls30-32bit-3.6.7-14.4.1

libgnutls30-hmac-3.6.7-14.4.1

libgnutls30-hmac-32bit-3.6.7-14.4.1

libgnutlsxx-devel-3.6.7-14.4.1

libgnutlsxx28-3.6.7-14.4.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20202864-1/
Link for SUSE-SU-2020:2864-1
https://lists.suse.com/pipermail/sle-security-updates/2020-October/007527.html
E-Mail link for SUSE-SU-2020:2864-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1176086
SUSE Bug 1176086
https://bugzilla.suse.com/1176181
SUSE Bug 1176181
https://bugzilla.suse.com/1176671
SUSE Bug 1176671
https://www.suse.com/security/cve/CVE-2020-24659/
SUSE CVE CVE-2020-24659 page

Описание

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

Затронутые продукты

Container ses/7/ceph/ceph:latest:libgnutls30-3.6.7-14.4.1

Container ses/7/ceph/grafana:latest:libgnutls30-3.6.7-14.4.1

Container ses/7/ceph/grafana:latest:libgnutls30-hmac-3.6.7-14.4.1

Container ses/7/ceph/prometheus-alertmanager:latest:libgnutls30-3.6.7-14.4.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-24659.html
CVE-2020-24659
https://bugzilla.suse.com/1176181
SUSE Bug 1176181
https://bugzilla.suse.com/1178057
SUSE Bug 1178057