Mageia: MGASA-2021-0343 Moderate: Libgrss TLS Certificate Flaw

mageia

July 12, 2021

libgrss does not perform any TLS certificate verification because it uses the deprecated SoupSessionAsync, which requires manually enabling certificate verification, rather than a ...

Summary

libgrss does not perform any TLS certificate verification because it uses the deprecated SoupSessionAsync, which requires manually enabling certificate verification, rather than a modern SoupSession that has good defaults (CVE-2016-20011).

References

- https://bugs.mageia.org/show_bug.cgi?id=29092

- https://www.cve.org/CVERecord?id=CVE-2016-20011

Topics Covered

security advisory security update moderate severity TLS issue certificate verification Mageia libgrss

Resolution

SRPMS

- 7/core/libgrss-0.7.0-2.1.mga7

- 8/core/libgrss-0.7.0-4.1.mga8

Publication date: 12 Jul 2021

URL: https://advisories.mageia.org/MGASA-2021-0343.html

Type: security

CVE: CVE-2016-20011

Topics Covered

security advisory security update moderate severity TLS issue certificate verification Mageia libgrss

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia: MGASA-2021-0343 Moderate: Libgrss TLS Certificate Flaw

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia: MGASA-2021-0343 Moderate: Libgrss TLS Certificate Flaw

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!