Описание
Security update for gnutls
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
- CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167).
Список пакетов
Container caasp/v4/cilium-operator:1.6.6
libgnutls30-3.6.7-150000.6.45.2
Container caasp/v4/cilium:1.6.6
libgnutls30-3.6.7-150000.6.45.2
Container caasp/v4/helm-tiller:2.16.12
libgnutls30-3.6.7-150000.6.45.2
Container suse/sle15:15.0
libgnutls30-3.6.7-150000.6.45.2
Container suse/sle15:15.1
libgnutls30-3.6.7-150000.6.45.2
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libgnutls30-3.6.7-150000.6.45.2
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libgnutls30-3.6.7-150000.6.45.2
Image SLES15-SP1-SAPCAL-Azure
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
Image SLES15-SP1-SAPCAL-EC2-HVM
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
Image SLES15-SP1-SAPCAL-GCE
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
SUSE Enterprise Storage 6
gnutls-3.6.7-150000.6.45.2
libgnutls-devel-3.6.7-150000.6.45.2
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
libgnutls30-hmac-3.6.7-150000.6.45.2
libgnutls30-hmac-32bit-3.6.7-150000.6.45.2
libgnutlsxx-devel-3.6.7-150000.6.45.2
libgnutlsxx28-3.6.7-150000.6.45.2
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
gnutls-3.6.7-150000.6.45.2
libgnutls-devel-3.6.7-150000.6.45.2
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
libgnutls30-hmac-3.6.7-150000.6.45.2
libgnutls30-hmac-32bit-3.6.7-150000.6.45.2
libgnutlsxx-devel-3.6.7-150000.6.45.2
libgnutlsxx28-3.6.7-150000.6.45.2
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
gnutls-3.6.7-150000.6.45.2
libgnutls-devel-3.6.7-150000.6.45.2
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
libgnutls30-hmac-3.6.7-150000.6.45.2
libgnutls30-hmac-32bit-3.6.7-150000.6.45.2
libgnutlsxx-devel-3.6.7-150000.6.45.2
libgnutlsxx28-3.6.7-150000.6.45.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS
gnutls-3.6.7-150000.6.45.2
libgnutls-devel-3.6.7-150000.6.45.2
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
libgnutls30-hmac-3.6.7-150000.6.45.2
libgnutls30-hmac-32bit-3.6.7-150000.6.45.2
libgnutlsxx-devel-3.6.7-150000.6.45.2
libgnutlsxx28-3.6.7-150000.6.45.2
SUSE Linux Enterprise High Performance Computing 15-LTSS
gnutls-3.6.7-150000.6.45.2
libgnutls-devel-3.6.7-150000.6.45.2
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
libgnutls30-hmac-3.6.7-150000.6.45.2
libgnutls30-hmac-32bit-3.6.7-150000.6.45.2
libgnutlsxx-devel-3.6.7-150000.6.45.2
libgnutlsxx28-3.6.7-150000.6.45.2
SUSE Linux Enterprise Server 15 SP1-BCL
gnutls-3.6.7-150000.6.45.2
libgnutls-devel-3.6.7-150000.6.45.2
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
libgnutls30-hmac-3.6.7-150000.6.45.2
libgnutls30-hmac-32bit-3.6.7-150000.6.45.2
libgnutlsxx-devel-3.6.7-150000.6.45.2
libgnutlsxx28-3.6.7-150000.6.45.2
SUSE Linux Enterprise Server 15 SP1-LTSS
gnutls-3.6.7-150000.6.45.2
libgnutls-devel-3.6.7-150000.6.45.2
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
libgnutls30-hmac-3.6.7-150000.6.45.2
libgnutls30-hmac-32bit-3.6.7-150000.6.45.2
libgnutlsxx-devel-3.6.7-150000.6.45.2
libgnutlsxx28-3.6.7-150000.6.45.2
SUSE Linux Enterprise Server 15-LTSS
gnutls-3.6.7-150000.6.45.2
libgnutls-devel-3.6.7-150000.6.45.2
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
libgnutls30-hmac-3.6.7-150000.6.45.2
libgnutls30-hmac-32bit-3.6.7-150000.6.45.2
libgnutlsxx-devel-3.6.7-150000.6.45.2
libgnutlsxx28-3.6.7-150000.6.45.2
SUSE Linux Enterprise Server for SAP Applications 15
gnutls-3.6.7-150000.6.45.2
libgnutls-devel-3.6.7-150000.6.45.2
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
libgnutls30-hmac-3.6.7-150000.6.45.2
libgnutls30-hmac-32bit-3.6.7-150000.6.45.2
libgnutlsxx-devel-3.6.7-150000.6.45.2
libgnutlsxx28-3.6.7-150000.6.45.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
gnutls-3.6.7-150000.6.45.2
libgnutls-devel-3.6.7-150000.6.45.2
libgnutls30-3.6.7-150000.6.45.2
libgnutls30-32bit-3.6.7-150000.6.45.2
libgnutls30-hmac-3.6.7-150000.6.45.2
libgnutls30-hmac-32bit-3.6.7-150000.6.45.2
libgnutlsxx-devel-3.6.7-150000.6.45.2
libgnutlsxx28-3.6.7-150000.6.45.2
Ссылки
- Link for SUSE-SU-2022:2830-1
- E-Mail link for SUSE-SU-2022:2830-1
- SUSE Security Ratings
- SUSE Bug 1196167
- SUSE Bug 1202020
- SUSE CVE CVE-2021-4209 page
- SUSE CVE CVE-2022-2509 page
Описание
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
Затронутые продукты
Container caasp/v4/cilium-operator:1.6.6:libgnutls30-3.6.7-150000.6.45.2
Container caasp/v4/cilium:1.6.6:libgnutls30-3.6.7-150000.6.45.2
Container caasp/v4/helm-tiller:2.16.12:libgnutls30-3.6.7-150000.6.45.2
Container suse/sle15:15.0:libgnutls30-3.6.7-150000.6.45.2
Ссылки
- CVE-2021-4209
- SUSE Bug 1196167
Описание
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
Затронутые продукты
Container caasp/v4/cilium-operator:1.6.6:libgnutls30-3.6.7-150000.6.45.2
Container caasp/v4/cilium:1.6.6:libgnutls30-3.6.7-150000.6.45.2
Container caasp/v4/helm-tiller:2.16.12:libgnutls30-3.6.7-150000.6.45.2
Container suse/sle15:15.0:libgnutls30-3.6.7-150000.6.45.2
Ссылки
- CVE-2022-2509
- SUSE Bug 1202020
- SUSE Bug 1202593