openSUSE-SU-2021:1312-1

Опубликовано: 28 сент. 2021

Источник: suse-cvrf

Описание

Security update for grilo

This update for grilo fixes the following issues:

CVE-2021-39365: Fixed missing TLS certificate verification (bsc#1189839).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2

grilo-devel-0.3.12-lp152.2.3.1

grilo-lang-0.3.12-lp152.2.3.1

grilo-tools-0.3.12-lp152.2.3.1

libgrilo-0_3-0-0.3.12-lp152.2.3.1

libgrlnet-0_3-0-0.3.12-lp152.2.3.1

libgrlpls-0_3-0-0.3.12-lp152.2.3.1

typelib-1_0-Grl-0_3-0.3.12-lp152.2.3.1

typelib-1_0-GrlNet-0_3-0.3.12-lp152.2.3.1

typelib-1_0-GrlPls-0_3-0.3.12-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BGUJWWBS4PDPSJUYSU34VIR2THULULQF/
E-Mail link for openSUSE-SU-2021:1312-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1189839
SUSE Bug 1189839
https://www.suse.com/security/cve/CVE-2021-39365/
SUSE CVE CVE-2021-39365 page

Описание

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Затронутые продукты

openSUSE Leap 15.2:grilo-devel-0.3.12-lp152.2.3.1

openSUSE Leap 15.2:grilo-lang-0.3.12-lp152.2.3.1

openSUSE Leap 15.2:grilo-tools-0.3.12-lp152.2.3.1

openSUSE Leap 15.2:libgrilo-0_3-0-0.3.12-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-39365.html
CVE-2021-39365
https://bugzilla.suse.com/1189839
SUSE Bug 1189839

openSUSE-SU-2021:1312-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-39365

Описание

Затронутые продукты

Ссылки