Security update for gnutls SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0470-1 Final 1 1 2021-03-25T08:10:53Z current 2021-03-25T08:10:53Z 2021-03-25T08:10:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gnutls This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-470 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LUDG7BXPVVVALM2YUCJ2EKIRBHFXMY75/ E-Mail link for openSUSE-SU-2021:0470-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1183456 SUSE Bug 1183456 https://bugzilla.suse.com/1183457 SUSE Bug 1183457 https://www.suse.com/security/cve/CVE-2021-20231/ SUSE CVE CVE-2021-20231 page https://www.suse.com/security/cve/CVE-2021-20232/ SUSE CVE CVE-2021-20232 page openSUSE Leap 15.2 gnutls-3.6.7-lp152.9.9.1 gnutls-guile-3.6.7-lp152.9.9.1 libgnutls-dane-devel-3.6.7-lp152.9.9.1 libgnutls-dane0-3.6.7-lp152.9.9.1 libgnutls-devel-3.6.7-lp152.9.9.1 libgnutls-devel-32bit-3.6.7-lp152.9.9.1 libgnutls30-3.6.7-lp152.9.9.1 libgnutls30-32bit-3.6.7-lp152.9.9.1 libgnutls30-hmac-3.6.7-lp152.9.9.1 libgnutls30-hmac-32bit-3.6.7-lp152.9.9.1 libgnutlsxx-devel-3.6.7-lp152.9.9.1 libgnutlsxx28-3.6.7-lp152.9.9.1 gnutls-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 gnutls-guile-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 libgnutls-dane-devel-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 libgnutls-dane0-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 libgnutls-devel-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 libgnutls-devel-32bit-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 libgnutls30-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 libgnutls30-32bit-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 libgnutls30-hmac-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 libgnutls30-hmac-32bit-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 libgnutlsxx-devel-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 libgnutlsxx28-3.6.7-lp152.9.9.1 as a component of openSUSE Leap 15.2 A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. CVE-2021-20231 openSUSE Leap 15.2:gnutls-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:gnutls-guile-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls-dane-devel-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls-dane0-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls-devel-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls-devel-32bit-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls30-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls30-32bit-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls30-hmac-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls30-hmac-32bit-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutlsxx-devel-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutlsxx28-3.6.7-lp152.9.9.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LUDG7BXPVVVALM2YUCJ2EKIRBHFXMY75/ https://www.suse.com/security/cve/CVE-2021-20231.html CVE-2021-20231 https://bugzilla.suse.com/1183457 SUSE Bug 1183457 A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. CVE-2021-20232 openSUSE Leap 15.2:gnutls-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:gnutls-guile-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls-dane-devel-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls-dane0-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls-devel-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls-devel-32bit-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls30-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls30-32bit-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls30-hmac-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutls30-hmac-32bit-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutlsxx-devel-3.6.7-lp152.9.9.1 openSUSE Leap 15.2:libgnutlsxx28-3.6.7-lp152.9.9.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LUDG7BXPVVVALM2YUCJ2EKIRBHFXMY75/ https://www.suse.com/security/cve/CVE-2021-20232.html CVE-2021-20232 https://bugzilla.suse.com/1183456 SUSE Bug 1183456