Описание
Security update for gfbgraph
This update for gfbgraph fixes the following issues:
- CVE-2021-39358: Fixed missing TLS certificate verification (bsc#1189850).
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP3
gfbgraph-devel-0.2.3-150000.3.5.1
libgfbgraph-0_2-0-0.2.3-150000.3.5.1
typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP3
gfbgraph-devel-0.2.3-150000.3.5.1
libgfbgraph-0_2-0-0.2.3-150000.3.5.1
typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1
openSUSE Leap 15.3
gfbgraph-devel-0.2.3-150000.3.5.1
libgfbgraph-0_2-0-0.2.3-150000.3.5.1
typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1
Ссылки
- Link for SUSE-SU-2022:2876-1
- E-Mail link for SUSE-SU-2022:2876-1
- SUSE Security Ratings
- SUSE Bug 1189850
- SUSE CVE CVE-2021-39358 page
Описание
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP3:gfbgraph-devel-0.2.3-150000.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP3:libgfbgraph-0_2-0-0.2.3-150000.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP3:typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP3:gfbgraph-devel-0.2.3-150000.3.5.1
Ссылки
- CVE-2021-39358
- SUSE Bug 1189850