MGASA-2021-0291 - Updated gnutls packages fix security vulnerabilities
Publication date: 28 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0291.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-20231,
CVE-2021-20233
A flaw was found in gnutls. A use after free issue in client sending
key_share extension may lead to memory corruption and other consequences
(CVE-2021-20231).
A flaw was found in gnutls. A use after free issue in client_send_params in
lib/ext/pre_shared_key.c may lead to memory corruption and other potential
consequences (CVE-2021-20232).
References:
- https://bugs.mageia.org/show_bug.cgi?id=29021
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
- https://lists.opensuse.org/archives/list/[email protected]/thread/LUDG7BXPVVVALM2YUCJ2EKIRBHFXMY75/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20231
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233
SRPMS:
- 7/core/gnutls-3.6.15-1.1.mga7
- 8/core/gnutls-3.6.15-3.1.mga8
Mageia 2021-0291: gnutls security update
A flaw was found in gnutls
Summary
CVE: CVE-2021-20231,
CVE-2021-20233
A flaw was found in gnutls. A use after free issue in client sending
key_share extension may lead to memory corruption and other consequences
(CVE-2021-20231).
A flaw was found in gnutls. A use after free issue in client_send_params in
lib/ext/pre_shared_key.c may lead to memory corruption and other potential
consequences (CVE-2021-20232).
Resolution
MGASA-2021-0291 - Updated gnutls packages fix security vulnerabilities
References
- https://bugs.mageia.org/show_bug.cgi?id=29021
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
- https://lists.opensuse.org/archives/list/[email protected]/thread/LUDG7BXPVVVALM2YUCJ2EKIRBHFXMY75/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20231
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233
Severity
Issued Date: 28 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0291.html
Type: security
Affected Mageia releases: 7, 8
News
HOWTOs
Features
Black Hat USA & DEFCON 2021 Coverage on LinuxSecurity: What You Need to Know
TLS Email Encryption Explained - How To Encrypt Email with TLS
Keeping Your System Secure is Easier than Ever with LinuxSecurity Customized Advisories!
The State of Vulnerability Management and Patching in The Enterprise Environment
Complete Guide to Installing Security Updates in Debian & Ubuntu
About Us
Powered By
