SUSE: 2020:0948-2 moderate: gmp, gnutls, libnettle | LinuxSecurity.com

Advisories


   SUSE Security Update: Security update for gmp, gnutls, libnettle
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0948-2
Rating:             moderate
References:         #1152692 #1155327 #1166881 #1168345 SLE-9518 
                    
Cross-References:   CVE-2020-11501
CVSS scores:
                    CVE-2020-11501 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2020-11501 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:
                    SUSE Linux Enterprise Module for Certifications 15-SP3
______________________________________________________________________________

   An update that solves one vulnerability, contains one
   feature and has three fixes is now available.

Description:

   This update for gmp, gnutls, libnettle fixes the following issues:

   Security issue fixed:

   - CVE-2020-11501: Fixed zero random value in DTLS client hello
     (bsc#1168345)

   FIPS related bugfixes:

   - FIPS: Install checksums for binary integrity verification which are
     required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
   - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if
     input is shorter than block size. (bsc#1166881)
   - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Certifications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Certifications-15-SP3-2022-2391=1



Package List:

   - SUSE Linux Enterprise Module for Certifications 15-SP3 (aarch64 ppc64le s390x x86_64):

      gmp-debugsource-6.1.2-4.3.1
      gmp-devel-6.1.2-4.3.1
      libgmp10-6.1.2-4.3.1
      libgmp10-debuginfo-6.1.2-4.3.1
      libgmpxx4-6.1.2-4.3.1
      libgmpxx4-debuginfo-6.1.2-4.3.1
      libhogweed4-3.4.1-4.12.1
      libhogweed4-debuginfo-3.4.1-4.12.1
      libnettle-debugsource-3.4.1-4.12.1
      libnettle-devel-3.4.1-4.12.1
      libnettle6-3.4.1-4.12.1
      libnettle6-debuginfo-3.4.1-4.12.1
      nettle-3.4.1-4.12.1
      nettle-debuginfo-3.4.1-4.12.1

   - SUSE Linux Enterprise Module for Certifications 15-SP3 (x86_64):

      gmp-devel-32bit-6.1.2-4.3.1
      libgmp10-32bit-6.1.2-4.3.1
      libgmp10-32bit-debuginfo-6.1.2-4.3.1
      libgmpxx4-32bit-6.1.2-4.3.1
      libgmpxx4-32bit-debuginfo-6.1.2-4.3.1
      libhogweed4-32bit-3.4.1-4.12.1
      libhogweed4-32bit-debuginfo-3.4.1-4.12.1
      libnettle-devel-32bit-3.4.1-4.12.1
      libnettle6-32bit-3.4.1-4.12.1
      libnettle6-32bit-debuginfo-3.4.1-4.12.1


References:

   https://www.suse.com/security/cve/CVE-2020-11501.html
   https://bugzilla.suse.com/1152692
   https://bugzilla.suse.com/1155327
   https://bugzilla.suse.com/1166881
   https://bugzilla.suse.com/1168345

SUSE: 2020:0948-2 moderate: gmp, gnutls, libnettle

July 13, 2022
An update that solves one vulnerability, contains one feature and has three fixes is now available

Summary

This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Certifications 15-SP3: zypper in -t patch SUSE-SLE-Module-Certifications-15-SP3-2022-2391=1 Package List: - SUSE Linux Enterprise Module for Certifications 15-SP3 (aarch64 ppc64le s390x x86_64): gmp-debugsource-6.1.2-4.3.1 gmp-devel-6.1.2-4.3.1 libgmp10-6.1.2-4.3.1 libgmp10-debuginfo-6.1.2-4.3.1 libgmpxx4-6.1.2-4.3.1 libgmpxx4-debuginfo-6.1.2-4.3.1 libhogweed4-3.4.1-4.12.1 libhogweed4-debuginfo-3.4.1-4.12.1 libnettle-debugsource-3.4.1-4.12.1 libnettle-devel-3.4.1-4.12.1 libnettle6-3.4.1-4.12.1 libnettle6-debuginfo-3.4.1-4.12.1 nettle-3.4.1-4.12.1 nettle-debuginfo-3.4.1-4.12.1 - SUSE Linux Enterprise Module for Certifications 15-SP3 (x86_64): gmp-devel-32bit-6.1.2-4.3.1 libgmp10-32bit-6.1.2-4.3.1 libgmp10-32bit-debuginfo-6.1.2-4.3.1 libgmpxx4-32bit-6.1.2-4.3.1 libgmpxx4-32bit-debuginfo-6.1.2-4.3.1 libhogweed4-32bit-3.4.1-4.12.1 libhogweed4-32bit-debuginfo-3.4.1-4.12.1 libnettle-devel-32bit-3.4.1-4.12.1 libnettle6-32bit-3.4.1-4.12.1 libnettle6-32bit-debuginfo-3.4.1-4.12.1

References

#1152692 #1155327 #1166881 #1168345 SLE-9518

Cross- CVE-2020-11501

CVSS scores:

CVE-2020-11501 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2020-11501 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

SUSE Linux Enterprise Module for Certifications 15-SP3

https://www.suse.com/security/cve/CVE-2020-11501.html

https://bugzilla.suse.com/1152692

https://bugzilla.suse.com/1155327

https://bugzilla.suse.com/1166881

https://bugzilla.suse.com/1168345

Severity
Announcement ID: SUSE-SU-2020:0948-2
Rating: moderate

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.