Описание
Security update for grilo
This update for grilo fixes the following issues:
- CVE-2021-39365: Fixed missing TLS certificate verification (bsc#1189839).
Список пакетов
SUSE Enterprise Storage 6
grilo-devel-0.3.4-3.3.1
libgrilo-0_3-0-0.3.4-3.3.1
libgrlnet-0_3-0-0.3.4-3.3.1
libgrlpls-0_3-0-0.3.4-3.3.1
typelib-1_0-Grl-0_3-0.3.4-3.3.1
typelib-1_0-GrlNet-0_3-0.3.4-3.3.1
typelib-1_0-GrlPls-0_3-0.3.4-3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
grilo-devel-0.3.4-3.3.1
libgrilo-0_3-0-0.3.4-3.3.1
libgrlnet-0_3-0-0.3.4-3.3.1
libgrlpls-0_3-0-0.3.4-3.3.1
typelib-1_0-Grl-0_3-0.3.4-3.3.1
typelib-1_0-GrlNet-0_3-0.3.4-3.3.1
typelib-1_0-GrlPls-0_3-0.3.4-3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
grilo-devel-0.3.4-3.3.1
libgrilo-0_3-0-0.3.4-3.3.1
libgrlnet-0_3-0-0.3.4-3.3.1
libgrlpls-0_3-0-0.3.4-3.3.1
typelib-1_0-Grl-0_3-0.3.4-3.3.1
typelib-1_0-GrlNet-0_3-0.3.4-3.3.1
typelib-1_0-GrlPls-0_3-0.3.4-3.3.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
grilo-devel-0.3.4-3.3.1
libgrilo-0_3-0-0.3.4-3.3.1
libgrlnet-0_3-0-0.3.4-3.3.1
libgrlpls-0_3-0-0.3.4-3.3.1
typelib-1_0-Grl-0_3-0.3.4-3.3.1
typelib-1_0-GrlNet-0_3-0.3.4-3.3.1
typelib-1_0-GrlPls-0_3-0.3.4-3.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
grilo-devel-0.3.4-3.3.1
libgrilo-0_3-0-0.3.4-3.3.1
libgrlnet-0_3-0-0.3.4-3.3.1
libgrlpls-0_3-0-0.3.4-3.3.1
typelib-1_0-Grl-0_3-0.3.4-3.3.1
typelib-1_0-GrlNet-0_3-0.3.4-3.3.1
typelib-1_0-GrlPls-0_3-0.3.4-3.3.1
SUSE Linux Enterprise Server 15 SP1-BCL
grilo-devel-0.3.4-3.3.1
libgrilo-0_3-0-0.3.4-3.3.1
libgrlnet-0_3-0-0.3.4-3.3.1
libgrlpls-0_3-0-0.3.4-3.3.1
typelib-1_0-Grl-0_3-0.3.4-3.3.1
typelib-1_0-GrlNet-0_3-0.3.4-3.3.1
typelib-1_0-GrlPls-0_3-0.3.4-3.3.1
SUSE Linux Enterprise Server 15 SP1-LTSS
grilo-devel-0.3.4-3.3.1
libgrilo-0_3-0-0.3.4-3.3.1
libgrlnet-0_3-0-0.3.4-3.3.1
libgrlpls-0_3-0-0.3.4-3.3.1
typelib-1_0-Grl-0_3-0.3.4-3.3.1
typelib-1_0-GrlNet-0_3-0.3.4-3.3.1
typelib-1_0-GrlPls-0_3-0.3.4-3.3.1
SUSE Linux Enterprise Server 15-LTSS
grilo-devel-0.3.4-3.3.1
libgrilo-0_3-0-0.3.4-3.3.1
libgrlnet-0_3-0-0.3.4-3.3.1
libgrlpls-0_3-0-0.3.4-3.3.1
typelib-1_0-Grl-0_3-0.3.4-3.3.1
typelib-1_0-GrlNet-0_3-0.3.4-3.3.1
typelib-1_0-GrlPls-0_3-0.3.4-3.3.1
SUSE Linux Enterprise Server for SAP Applications 15
grilo-devel-0.3.4-3.3.1
libgrilo-0_3-0-0.3.4-3.3.1
libgrlnet-0_3-0-0.3.4-3.3.1
libgrlpls-0_3-0-0.3.4-3.3.1
typelib-1_0-Grl-0_3-0.3.4-3.3.1
typelib-1_0-GrlNet-0_3-0.3.4-3.3.1
typelib-1_0-GrlPls-0_3-0.3.4-3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
grilo-devel-0.3.4-3.3.1
libgrilo-0_3-0-0.3.4-3.3.1
libgrlnet-0_3-0-0.3.4-3.3.1
libgrlpls-0_3-0-0.3.4-3.3.1
typelib-1_0-Grl-0_3-0.3.4-3.3.1
typelib-1_0-GrlNet-0_3-0.3.4-3.3.1
typelib-1_0-GrlPls-0_3-0.3.4-3.3.1
Ссылки
- Link for SUSE-SU-2021:3295-1
- E-Mail link for SUSE-SU-2021:3295-1
- SUSE Security Ratings
- SUSE Bug 1189839
- SUSE CVE CVE-2021-39365 page
Описание
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Затронутые продукты
SUSE Enterprise Storage 6:grilo-devel-0.3.4-3.3.1
SUSE Enterprise Storage 6:libgrilo-0_3-0-0.3.4-3.3.1
SUSE Enterprise Storage 6:libgrlnet-0_3-0-0.3.4-3.3.1
SUSE Enterprise Storage 6:libgrlpls-0_3-0-0.3.4-3.3.1
Ссылки
- CVE-2021-39365
- SUSE Bug 1189839