Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:3003-1

Опубликовано: 09 сент. 2021
Источник: suse-cvrf

Описание

Security update for grilo

This update for grilo fixes the following issues:

  • CVE-2021-39365: Fixed missing TLS certificate verification (bsc#1189839).

Список пакетов

SUSE Linux Enterprise Server 12 SP5
libgrilo-0_3-0-0.3.2-7.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libgrilo-0_3-0-0.3.2-7.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5
grilo-devel-0.3.2-7.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5
grilo-lang-0.3.2-7.3.1
libgrlnet-0_3-0-0.3.2-7.3.1
libgrlpls-0_3-0-0.3.2-7.3.1
typelib-1_0-Grl-0_3-0.3.2-7.3.1
typelib-1_0-GrlNet-0_3-0.3.2-7.3.1
typelib-1_0-GrlPls-0_3-0.3.2-7.3.1

Ссылки

Описание

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libgrilo-0_3-0-0.3.2-7.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libgrilo-0_3-0-0.3.2-7.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:grilo-devel-0.3.2-7.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5:grilo-lang-0.3.2-7.3.1
Ссылки