Oracle Linux Security Advisory ELSA-2022-6854
https://linux.oracle.com/errata/ELSA-2022-6854.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
gnutls-3.7.6-12.el9_0.i686.rpm
gnutls-3.7.6-12.el9_0.x86_64.rpm
gnutls-c++-3.7.6-12.el9_0.i686.rpm
gnutls-c++-3.7.6-12.el9_0.x86_64.rpm
gnutls-dane-3.7.6-12.el9_0.i686.rpm
gnutls-dane-3.7.6-12.el9_0.x86_64.rpm
gnutls-devel-3.7.6-12.el9_0.i686.rpm
gnutls-devel-3.7.6-12.el9_0.x86_64.rpm
gnutls-utils-3.7.6-12.el9_0.x86_64.rpm
nettle-3.8-3.el9_0.i686.rpm
nettle-3.8-3.el9_0.x86_64.rpm
nettle-devel-3.8-3.el9_0.i686.rpm
nettle-devel-3.8-3.el9_0.x86_64.rpm
aarch64:
gnutls-3.7.6-12.el9_0.aarch64.rpm
gnutls-c++-3.7.6-12.el9_0.aarch64.rpm
gnutls-dane-3.7.6-12.el9_0.aarch64.rpm
gnutls-devel-3.7.6-12.el9_0.aarch64.rpm
gnutls-utils-3.7.6-12.el9_0.aarch64.rpm
nettle-3.8-3.el9_0.aarch64.rpm
nettle-devel-3.8-3.el9_0.aarch64.rpm
SRPMS:
https://oss.oracle.com/ol9/SRPMS-updates/gnutls-3.7.6-12.el9_0.src.rpm
https://oss.oracle.com/ol9/SRPMS-updates/nettle-3.8-3.el9_0.src.rpm
Related CVEs:
CVE-2022-2509
Description of changes:
gnutls
[3.7.6-12]
- fips: mark PBKDF2 with short key and output sizes non-approved
- fips: only mark HMAC as approved in PBKDF2
- fips: mark gnutls_key_generate with short key sizes non-approved
- fips: fix checking on hash algorithm used in ECDSA
- fips: preserve operation context around FIPS selftests API
[3.7.6-11]
- Supply --with{,out}-{zlib,brotli,zstd} explicitly
[3.7.6-10]
- Revert nettle version pinning as it doesn't work well in side-tag
[3.7.6-9]
- Pin nettle version in Requires when compiled with FIPS
[3.7.6-8]
- Bundle GMP to privatize memory functions
- Disable certificate compression support by default
[3.7.6-7]
- Update gnutls-3.7.6-cpuid-fixes.patch
[3.7.6-6]
- Mark RSA SigVer operation approved for known modulus sizes (#2119770)
- accelerated: clear AVX bits if it cannot be queried through XSAVE
[3.7.6-5]
- Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115314)
- sysrng: reseed source DRBG for prediction resistance
[3.7.6-4]
- Make gnutls-cli work with KTLS for testing
- Fix double-free in gnutls_pkcs7_verify (#2109789)
[3.7.6-3]
- Limit input size for AES-GCM according to SP800-38D (#2108635)
- Do not treat GPG verification errors as fatal
- Remove gnutls-3.7.6-libgnutlsxx-const.patch
[3.7.6-2]
- Allow enabling KTLS with config file (#2108532)
[3.7.6-1]
- Update to gnutls 3.7.6 (#2102591)
[3.7.3-10]
- Use only the first component of VERSION from /etc/os-release (#2076626)
- Don't run power-on self-tests on DSA (#2076627)
nettle
[3.8-3]
- Rebuild in new side-tag
[3.8-2]
- Bundle GMP to privatize memory functions
- Zeroize stack allocated intermediate data
[3.8-1]
- Update to nettle 3.8 (#2100350)
_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata
Oracle9: ELSA-2022-6854: gnutls and nettle security, bug fix, and enhancement Moderate Sec
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
Summary
gnutls [3.7.6-12] - fips: mark PBKDF2 with short key and output sizes non-approved - fips: only mark HMAC as approved in PBKDF2 - fips: mark gnutls_key_generate with short key sizes non-approved - fips: fix checking on hash algorithm used in ECDSA - fips: preserve operation context around FIPS selftests API [3.7.6-11] - Supply --with{,out}-{zlib,brotli,zstd} explicitly [3.7.6-10] - Revert nettle version pinning as it doesn't work well in side-tag [3.7.6-9] - Pin nettle version in Requires when compiled with FIPS [3.7.6-8] - Bundle GMP to privatize memory functions - Disable certificate compression support by default [3.7.6-7] - Update gnutls-3.7.6-cpuid-fixes.patch [3.7.6-6] - Mark RSA SigVer operation approved for known modulus sizes (#2119770) - accelerated: clear AVX bits if it cannot be queried through XSAVE [3.7.6-5] - Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115314) - sysrng: reseed source DRBG for prediction resistance [3.7.6-4] - Make gnutls-cli work with KTLS for testing - Fix double-free in gnutls_pkcs7_verify (#2109789) [3.7.6-3] - Limit input size for AES-GCM according to SP800-38D (#2108635) - Do not treat GPG verification errors as fatal - Remove gnutls-3.7.6-libgnutlsxx-const.patch [3.7.6-2] - Allow enabling KTLS with config file (#2108532) [3.7.6-1] - Update to gnutls 3.7.6 (#2102591) [3.7.3-10] - Use only the first component of VERSION from /etc/os-release (#2076626) - Don't run power-on self-tests on DSA (#2076627) nettle [3.8-3] - Rebuild in new side-tag [3.8-2] - Bundle GMP to privatize memory functions - Zeroize stack allocated intermediate data [3.8-1] - Update to nettle 3.8 (#2100350)
SRPMs
https://oss.oracle.com/ol9/SRPMS-updates/gnutls-3.7.6-12.el9_0.src.rpm https://oss.oracle.com/ol9/SRPMS-updates/nettle-3.8-3.el9_0.src.rpm
x86_64
gnutls-3.7.6-12.el9_0.i686.rpm gnutls-3.7.6-12.el9_0.x86_64.rpm gnutls-c++-3.7.6-12.el9_0.i686.rpm gnutls-c++-3.7.6-12.el9_0.x86_64.rpm gnutls-dane-3.7.6-12.el9_0.i686.rpm gnutls-dane-3.7.6-12.el9_0.x86_64.rpm gnutls-devel-3.7.6-12.el9_0.i686.rpm gnutls-devel-3.7.6-12.el9_0.x86_64.rpm gnutls-utils-3.7.6-12.el9_0.x86_64.rpm nettle-3.8-3.el9_0.i686.rpm nettle-3.8-3.el9_0.x86_64.rpm nettle-devel-3.8-3.el9_0.i686.rpm nettle-devel-3.8-3.el9_0.x86_64.rpm
aarch64
gnutls-3.7.6-12.el9_0.aarch64.rpm gnutls-c++-3.7.6-12.el9_0.aarch64.rpm gnutls-dane-3.7.6-12.el9_0.aarch64.rpm gnutls-devel-3.7.6-12.el9_0.aarch64.rpm gnutls-utils-3.7.6-12.el9_0.aarch64.rpm nettle-3.8-3.el9_0.aarch64.rpm nettle-devel-3.8-3.el9_0.aarch64.rpm
i386
Severity
Related CVEs:
CVE-2022-2509
News
HOWTOs
Features
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems
ZeroLock: How to Defend Against Ransomware on Linux
About Us
Powered By
