Description
Security update for gnutls
This update for gnutls fixes the following issues:
- Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181)
- FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086)
- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086)
- FIPS: Add TLS KDF selftest (bsc#1176671)
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.2
gnutls-3.6.7-lp152.9.3.2
gnutls-guile-3.6.7-lp152.9.3.2
libgnutls-dane-devel-3.6.7-lp152.9.3.2
libgnutls-dane0-3.6.7-lp152.9.3.2
libgnutls-devel-3.6.7-lp152.9.3.2
libgnutls-devel-32bit-3.6.7-lp152.9.3.2
libgnutls30-3.6.7-lp152.9.3.2
libgnutls30-32bit-3.6.7-lp152.9.3.2
libgnutls30-hmac-3.6.7-lp152.9.3.2
libgnutls30-hmac-32bit-3.6.7-lp152.9.3.2
libgnutlsxx-devel-3.6.7-lp152.9.3.2
libgnutlsxx28-3.6.7-lp152.9.3.2
References
- E-Mail link for openSUSE-SU-2020:1743-1
- SUSE Security Ratings
- SUSE Bug 1176086
- SUSE Bug 1176181
- SUSE Bug 1176671
- SUSE CVE CVE-2020-24659 page
Description
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
Affected products
openSUSE Leap 15.2:gnutls-3.6.7-lp152.9.3.2
openSUSE Leap 15.2:gnutls-guile-3.6.7-lp152.9.3.2
openSUSE Leap 15.2:libgnutls-dane-devel-3.6.7-lp152.9.3.2
openSUSE Leap 15.2:libgnutls-dane0-3.6.7-lp152.9.3.2
References
- CVE-2020-24659
- SUSE Bug 1176181
- SUSE Bug 1178057