Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:3194-1

Опубликовано: 23 сент. 2021
Источник: suse-cvrf

Описание

Security update for grilo

This update for grilo fixes the following issues:

  • CVE-2021-39365: Fixed missing TLS certificate verification (bsc#1189839).

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP2
grilo-devel-0.3.12-3.3.1
libgrilo-0_3-0-0.3.12-3.3.1
libgrlnet-0_3-0-0.3.12-3.3.1
libgrlpls-0_3-0-0.3.12-3.3.1
typelib-1_0-Grl-0_3-0.3.12-3.3.1
typelib-1_0-GrlNet-0_3-0.3.12-3.3.1
typelib-1_0-GrlPls-0_3-0.3.12-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
grilo-devel-0.3.12-3.3.1
libgrilo-0_3-0-0.3.12-3.3.1
libgrlnet-0_3-0-0.3.12-3.3.1
libgrlpls-0_3-0-0.3.12-3.3.1
typelib-1_0-Grl-0_3-0.3.12-3.3.1
typelib-1_0-GrlNet-0_3-0.3.12-3.3.1
typelib-1_0-GrlPls-0_3-0.3.12-3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP2
grilo-lang-0.3.12-3.3.1
grilo-tools-0.3.12-3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP3
grilo-lang-0.3.12-3.3.1
grilo-tools-0.3.12-3.3.1

Ссылки

Описание

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:grilo-devel-0.3.12-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libgrilo-0_3-0-0.3.12-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libgrlnet-0_3-0-0.3.12-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libgrlpls-0_3-0-0.3.12-3.3.1
Ссылки