Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

SUSE MicroOS: 2021:0935-1 Important GnuTLS Memory Corruption Fix

suse
Calendar Grey March 24, 2021
Dist Suse Esm H88
Update for gnutls resolves serious vulnerabilities in SUSE MicroOS and Enterprise Module, providing remedies for potential memory corruption hazards.
An update that fixes two vulnerabilities is now available

Summary

This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-935=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-935=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): gnutls-debuginfo-3.6.7-14.10.2

References

#1183456 #1183457

Cross- CVE-2021-20231 CVE-2021-20232

CVSS scores:

CVE-2021-20231 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-20231 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CVE-2021-20232 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-20232 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected Products:

SUSE MicroOS 5.0

SUSE Linux Enterprise Module for Basesystem 15-SP2

https://www.suse.com/security/cve/CVE-2021-20231.html

https://www.suse.com/security/cve/CVE-2021-20232.html

https://bugzilla.suse.com/1183456

https://bugzilla.suse.com/1183457

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0935-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.