SUSE-SU-2022:3016-1

Опубликовано: 05 сент. 2022

Источник: suse-cvrf

Описание

Security update for libgda

This update for libgda fixes the following issues:

CVE-2021-39359: Enabled TLS certificate verification (bsc#1189849).

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

libgda-5_0-4-5.2.4-9.3.1

libgda-5_0-mysql-5.2.4-9.3.1

libgda-5_0-postgres-5.2.4-9.3.1

libgda-5_0-sqlite-5.2.4-9.3.1

libgda-ui-5_0-4-5.2.4-9.3.1

SUSE Linux Enterprise Server 12 SP3-BCL

libgda-5_0-4-5.2.4-9.3.1

libgda-5_0-mysql-5.2.4-9.3.1

libgda-5_0-postgres-5.2.4-9.3.1

libgda-5_0-sqlite-5.2.4-9.3.1

libgda-ui-5_0-4-5.2.4-9.3.1

SUSE Linux Enterprise Server 12 SP4-LTSS

libgda-5_0-4-5.2.4-9.3.1

libgda-5_0-mysql-5.2.4-9.3.1

libgda-5_0-postgres-5.2.4-9.3.1

libgda-5_0-sqlite-5.2.4-9.3.1

libgda-ui-5_0-4-5.2.4-9.3.1

SUSE Linux Enterprise Server 12 SP5

libgda-5_0-4-5.2.4-9.3.1

libgda-5_0-mysql-5.2.4-9.3.1

libgda-5_0-postgres-5.2.4-9.3.1

libgda-5_0-sqlite-5.2.4-9.3.1

libgda-ui-5_0-4-5.2.4-9.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libgda-5_0-4-5.2.4-9.3.1

libgda-5_0-mysql-5.2.4-9.3.1

libgda-5_0-postgres-5.2.4-9.3.1

libgda-5_0-sqlite-5.2.4-9.3.1

libgda-ui-5_0-4-5.2.4-9.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libgda-5_0-4-5.2.4-9.3.1

libgda-5_0-mysql-5.2.4-9.3.1

libgda-5_0-postgres-5.2.4-9.3.1

libgda-5_0-sqlite-5.2.4-9.3.1

libgda-ui-5_0-4-5.2.4-9.3.1

SUSE Linux Enterprise Software Development Kit 12 SP5

libgda-5_0-devel-5.2.4-9.3.1

typelib-1_0-Gda-5_0-5.2.4-9.3.1

typelib-1_0-Gdaui-5_0-5.2.4-9.3.1

SUSE Linux Enterprise Workstation Extension 12 SP5

libgda-5_0-4-lang-5.2.4-9.3.1

SUSE OpenStack Cloud 9

libgda-5_0-4-5.2.4-9.3.1

libgda-5_0-mysql-5.2.4-9.3.1

libgda-5_0-postgres-5.2.4-9.3.1

libgda-5_0-sqlite-5.2.4-9.3.1

libgda-ui-5_0-4-5.2.4-9.3.1

SUSE OpenStack Cloud Crowbar 9

libgda-5_0-4-5.2.4-9.3.1

libgda-5_0-mysql-5.2.4-9.3.1

libgda-5_0-postgres-5.2.4-9.3.1

libgda-5_0-sqlite-5.2.4-9.3.1

libgda-ui-5_0-4-5.2.4-9.3.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223016-1/
Link for SUSE-SU-2022:3016-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012076.html
E-Mail link for SUSE-SU-2022:3016-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1189849
SUSE Bug 1189849
https://www.suse.com/security/cve/CVE-2021-39359/
SUSE CVE CVE-2021-39359 page

Описание

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:libgda-5_0-4-5.2.4-9.3.1

SUSE Linux Enterprise Server 12 SP2-BCL:libgda-5_0-mysql-5.2.4-9.3.1

SUSE Linux Enterprise Server 12 SP2-BCL:libgda-5_0-postgres-5.2.4-9.3.1

SUSE Linux Enterprise Server 12 SP2-BCL:libgda-5_0-sqlite-5.2.4-9.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-39359.html
CVE-2021-39359
https://bugzilla.suse.com/1189849
SUSE Bug 1189849

SUSE-SU-2022:3016-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP4-LTSS

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE Linux Enterprise Workstation Extension 12 SP5

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

Ссылки

Уязвимость: CVE-2021-39359

Описание

Затронутые продукты

Ссылки