Lucene search

K
oraclelinuxOracleLinuxELSA-2021-4451
HistoryNov 16, 2021 - 12:00 a.m.

gnutls and nettle security, bug fix, and enhancement update

2021-11-1600:00:00
linux.oracle.com
73

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

gnutls
[3.6.16-4]

  • p11tool: Document ID reuse behavior when importing certs (#1776250)
    [3.6.16-3]
  • Treat SHA-1 signed CA in the trusted set differently (#1965445)
    [3.6.16-2]
  • Filter certificate_types in TLS 1.2 CR based on signature algorithms (#1942216)
    [3.6.16-1]
  • Update to upstream 3.6.16 release (#1956783)
  • Fix potential use-after-free in key_share handling (#1927597)
  • Fix potential use-after-free in pre_shared_key handling (#1927593)
  • Stop gnutls-serv relying on AI_ADDRCONFIG to decide listening address (#1908334)
  • Fix cert expiration issue in tests (#1908110)
    [3.6.14-10]
  • Port fixes for potential miscalculation in ecdsa_verify (#1942931)
    [3.6.14-9]
  • Revert the previous change
    nettle
    [3.4.1-7]
  • Backport CVE-2021-3580 from upstream 3.7.3 release (#1967990)
    [3.4.1-6]
  • Enable CTR mode optimization when the block size is 16
    [3.4.1-5]
  • Backport powerpc64 optimization patches from upstream (#1855228)
    Patch from Christopher M. Riedl.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Related for ELSA-2021-4451