SUSE: 2020:0948-2 Moderate: Fixes for gmp and gnutls DTLS Issue
suse
July 13, 2022
An update that solves one vulnerability, contains one feature and has three fixes is now available
Summary
This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Certifications 15-SP3:
Topics Covered
References
#1152692 #1155327 #1166881 #1168345 SLE-9518
Cross- CVE-2020-11501
CVSS scores:
CVE-2020-11501 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2020-11501 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Module for Certifications 15-SP3
https://www.suse.com/security/cve/CVE-2020-11501.html
https://bugzilla.suse.com/1152692
https://bugzilla.suse.com/1155327
https://bugzilla.suse.com/1166881
https://bugzilla.suse.com/1168345
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2020:0948-2
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!