Описание
Security update for glib-networking
This update for glib-networking fixes the following issues:
- CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460).
Список пакетов
HPE Helion OpenStack 8
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
glib-networking-2.48.2-6.3.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
glib-networking-2.48.2-6.3.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
glib-networking-2.48.2-6.3.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
glib-networking-2.48.2-6.3.1
SUSE Linux Enterprise Server 12 SP2-BCL
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
SUSE Linux Enterprise Server 12 SP3-BCL
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
SUSE Linux Enterprise Server 12 SP3-LTSS
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
SUSE Linux Enterprise Server 12 SP4-LTSS
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
SUSE Linux Enterprise Server 12 SP5
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
SUSE OpenStack Cloud 8
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
SUSE OpenStack Cloud 9
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
SUSE OpenStack Cloud Crowbar 8
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
SUSE OpenStack Cloud Crowbar 9
glib-networking-2.48.2-6.3.1
glib-networking-lang-2.48.2-6.3.1
Ссылки
- Link for SUSE-SU-2021:4004-1
- E-Mail link for SUSE-SU-2021:4004-1
- SUSE Security Ratings
- SUSE Bug 1172460
- SUSE CVE CVE-2020-13645 page
Описание
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.
Затронутые продукты
HPE Helion OpenStack 8:glib-networking-2.48.2-6.3.1
HPE Helion OpenStack 8:glib-networking-lang-2.48.2-6.3.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:glib-networking-2.48.2-6.3.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:glib-networking-2.48.2-6.3.1
Ссылки
- CVE-2020-13645
- SUSE Bug 1172460