Описание
Security update for libzapojit
This update for libzapojit fixes the following issues:
- CVE-2021-39360: Fixed missing guard against invalid SSL certificates (bsc#1189844).
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP5
libzapojit-0_0-0-0.0.3-5.3.1
libzapojit-devel-0.0.3-5.3.1
typelib-1_0-Zpj-0_0-0.0.3-5.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libzapojit-0_0-0-0.0.3-5.3.1
typelib-1_0-Zpj-0_0-0.0.3-5.3.1
Ссылки
- Link for SUSE-SU-2022:3266-1
- E-Mail link for SUSE-SU-2022:3266-1
- SUSE Security Ratings
- SUSE Bug 1189844
- SUSE CVE CVE-2021-39360 page
Описание
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:libzapojit-0_0-0-0.0.3-5.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libzapojit-devel-0.0.3-5.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-Zpj-0_0-0.0.3-5.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5:libzapojit-0_0-0-0.0.3-5.3.1
Ссылки
- CVE-2021-39360
- SUSE Bug 1189844