Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat 8 RHSA-2021-4451 Moderate: GnuTLS and Nettle Fixes

red hat
Calendar Grey November 9, 2021
Dist Redhat Esm H88
Important gnutls and nettle patches released for Red Hat Enterprise Linux 8. These updates resolve multiple security vulnerabilities.
An update for gnutls and nettle is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.
The following packages have been upgraded to a later upstream version: gnutls (3.6.16). (BZ#1956783)
Security Fix(es):
* nettle: Remote crash in RSA decryption via manipulated ciphertext (CVE-2021-3580)
* gnutls: Use after free in client key_share extension (CVE-2021-20231)
* gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c (CVE-2021-20232)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory moderate security issue bug fix Red Hat Enterprise Linux gnutls nettle

References

https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.5_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 8):
aarch64: gnutls-c++-3.6.16-4.el8.aarch64.rpm gnutls-c++-debuginfo-3.6.16-4.el8.aarch64.rpm gnutls-dane-3.6.16-4.el8.aarch64.rpm gnutls-dane-debuginfo-3.6.16-4.el8.aarch64.rpm gnutls-debuginfo-3.6.16-4.el8.aarch64.rpm gnutls-debugsource-3.6.16-4.el8.aarch64.rpm gnutls-devel-3.6.16-4.el8.aarch64.rpm gnutls-utils-3.6.16-4.el8.aarch64.rpm gnutls-utils-debuginfo-3.6.16-4.el8.aarch64.rpm nettle-debuginfo-3.4.1-7.el8.aarch64.rpm nettle-debugsource-3.4.1-7.el8.aarch64.rpm nettle-devel-3.4.1-7.el8.aarch64.rpm
ppc64le: gnutls-c++-3.6.16-4.el8.ppc64le.rpm gnutls-c++-debuginfo-3.6.16-4.el8.ppc64le.rpm gnutls-dane-3.6.16-4.el8.ppc64le.rpm gnutls-dane-debuginfo-3.6.16-4.el8.ppc64le.rpm gnutls-debuginfo-3.6.16-4.el8.ppc64le.rpm gnutls-debugsource-3.6.16-4.el8.ppc64le.rpm gnutls-devel-3.6.16-4.el8.ppc64le.rpm gnutls-utils-3.6.16-4.el8.ppc64le.rpm gnutls-utils-debuginfo-3.6.16-4.el8.ppc64le.rpm nettle-debuginfo-3.4.1-7.el8.ppc64le.rpm nettle-debugsource-3.4.1-7.el8.ppc64le.rpm nettle-devel-3.4.1-7.el8.ppc64le.rpm
s390x: gnutls-c++-3.6.16-4.el8.s390x.rpm gnutls-c++-debuginfo-3.6.16-4.el8.s390x.rpm gnutls-dane-3.6.16-4.el8.s390x.rpm gnutls-dane-debuginfo-3.6.16-4.el8.s390x.rpm gnutls-debuginfo-3.6.16-4.el8.s390x.rpm

Read the Full Advisory


Advisory ID: RHSA-2021:4451-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4451
Issue date: 2021-11-09

Topic

An update for gnutls and nettle is now available for Red Hat EnterpriseLinux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate security issue bug fix Red Hat Enterprise Linux gnutls nettle

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1776250 - p11tool do not reuse ID for certificate matching ECDSA private key when importing to PKCS#11 device

1908110 - gnutls update 3.6.14-7.el8_3 includes time BOMB in tests

1908334 - gnutls-serv doesn't listen on IPvN loopback addresses if there are no IPvN external addresses configured

1922275 - CVE-2021-20232 gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c

1922276 - CVE-2021-20231 gnutls: Use after free in client key_share extension

1965445 - SHA-1 CAs are rejected even if they are explicitly trusted

1967983 - CVE-2021-3580 nettle: Remote crash in RSA decryption via manipulated ciphertext

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here