openSUSE-SU-2020:0501-1

Published: 11 Apr. 2020
Source: suse-cvrf

Description

Security update for gmp, gnutls, libnettle

This update for gmp, gnutls, libnettle fixes the following issues:

Security issue fixed:

  • CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)

FIPS related bugfixes:

  • FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
  • FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881)
  • FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.1
gmp-devel-6.1.2-lp151.4.3.1
gmp-devel-32bit-6.1.2-lp151.4.3.1
gnutls-3.6.7-lp151.2.6.1
gnutls-guile-3.6.7-lp151.2.6.1
libgmp10-6.1.2-lp151.4.3.1
libgmp10-32bit-6.1.2-lp151.4.3.1
libgmpxx4-6.1.2-lp151.4.3.1
libgmpxx4-32bit-6.1.2-lp151.4.3.1
libgnutls-dane-devel-3.6.7-lp151.2.6.1
libgnutls-dane0-3.6.7-lp151.2.6.1
libgnutls-devel-3.6.7-lp151.2.6.1
libgnutls-devel-32bit-3.6.7-lp151.2.6.1
libgnutls30-3.6.7-lp151.2.6.1
libgnutls30-32bit-3.6.7-lp151.2.6.1
libgnutls30-hmac-3.6.7-lp151.2.6.1
libgnutls30-hmac-32bit-3.6.7-lp151.2.6.1
libgnutlsxx-devel-3.6.7-lp151.2.6.1
libgnutlsxx28-3.6.7-lp151.2.6.1
libhogweed4-3.4.1-lp151.2.3.2
libhogweed4-32bit-3.4.1-lp151.2.3.2
libnettle-devel-3.4.1-lp151.2.3.2
libnettle-devel-32bit-3.4.1-lp151.2.3.2
libnettle6-3.4.1-lp151.2.3.2
libnettle6-32bit-3.4.1-lp151.2.3.2
nettle-3.4.1-lp151.2.3.2

Description

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.


Affected products
openSUSE Leap 15.1:gmp-devel-32bit-6.1.2-lp151.4.3.1
openSUSE Leap 15.1:gmp-devel-6.1.2-lp151.4.3.1
openSUSE Leap 15.1:gnutls-3.6.7-lp151.2.6.1
openSUSE Leap 15.1:gnutls-guile-3.6.7-lp151.2.6.1

References