openSUSE-SU-2022:0717-1

Опубликовано: 04 мар. 2022

Источник: suse-cvrf

Описание

Security update for gnutls

This update for gnutls fixes the following issues:

CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167).

Список пакетов

openSUSE Leap 15.3

gnutls-3.6.7-14.16.1

gnutls-guile-3.6.7-14.16.1

libgnutls-devel-3.6.7-14.16.1

libgnutls-devel-32bit-3.6.7-14.16.1

libgnutls30-3.6.7-14.16.1

libgnutls30-32bit-3.6.7-14.16.1

libgnutls30-hmac-3.6.7-14.16.1

libgnutls30-hmac-32bit-3.6.7-14.16.1

libgnutlsxx-devel-3.6.7-14.16.1

libgnutlsxx28-3.6.7-14.16.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RI5PFWTNO6UDYFJ3HLMKV5PQYAJ77E46/
E-Mail link for openSUSE-SU-2022:0717-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1196167
SUSE Bug 1196167
https://www.suse.com/security/cve/CVE-2021-4209/
SUSE CVE CVE-2021-4209 page

Описание

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

Затронутые продукты

openSUSE Leap 15.3:gnutls-3.6.7-14.16.1

openSUSE Leap 15.3:gnutls-guile-3.6.7-14.16.1

openSUSE Leap 15.3:libgnutls-devel-3.6.7-14.16.1

openSUSE Leap 15.3:libgnutls-devel-32bit-3.6.7-14.16.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-4209.html
CVE-2021-4209
https://bugzilla.suse.com/1196167
SUSE Bug 1196167

openSUSE-SU-2022:0717-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-4209

Описание

Затронутые продукты

Ссылки