ALSA-2022:6854 Moderate: gnutls and nettle security, bug fix, and enhancement update

AlmaLinux 2241 Published 2022-10-15 05:28 by Philipp Esselbach

News

A gnutls and nettle security, bug fix, and enhancement update has been released for AlmaLinux 9.

ALSA-2022:6854 Moderate: gnutls and nettle security, bug fix, and enhancement update

Type:
security

Severity:
moderate

Release date:
2022-10-13

Description
Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.
The following packages have been upgraded to a later upstream version: gnutls (3.7.6), nettle (3.8).
Security Fix(es):
* gnutls: Double free during gnutls_pkcs7_verify. (CVE-2022-2509)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* IBM 9.1 P10 POWER10 performance enhancements for cryptography: nettle - incremental work (BZ#2102589)
* Allow enabling KTLS in AlmaLinux 9.1 (BZ#2108532)
* DES-CBC bag is decryptable under FIPS (BZ#2115314)
* allow signature verification using RSA keys

References:
RHSA-2022:6854
CVE-2022-2509
ALSA-2022:6854

Updates packages:
gnutls-dane-3.7.6-12.el9_0.i686.rpm
gnutls-c++-3.7.6-12.el9_0.i686.rpm
gnutls-utils-3.7.6-12.el9_0.x86_64.rpm
gnutls-devel-3.7.6-12.el9_0.i686.rpm
gnutls-devel-3.7.6-12.el9_0.ppc64le.rpm
gnutls-c++-3.7.6-12.el9_0.ppc64le.rpm
gnutls-dane-3.7.6-12.el9_0.ppc64le.rpm
gnutls-utils-3.7.6-12.el9_0.ppc64le.rpm
gnutls-c++-3.7.6-12.el9_0.aarch64.rpm
gnutls-utils-3.7.6-12.el9_0.aarch64.rpm
gnutls-devel-3.7.6-12.el9_0.aarch64.rpm
gnutls-dane-3.7.6-12.el9_0.aarch64.rpm
gnutls-dane-3.7.6-12.el9_0.s390x.rpm
gnutls-utils-3.7.6-12.el9_0.s390x.rpm
gnutls-devel-3.7.6-12.el9_0.s390x.rpm
gnutls-c++-3.7.6-12.el9_0.s390x.rpm
gnutls-3.7.6-12.el9_0.i686.rpm
gnutls-3.7.6-12.el9_0.ppc64le.rpm
gnutls-3.7.6-12.el9_0.aarch64.rpm
gnutls-3.7.6-12.el9_0.s390x.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

ALSA-2022:6854 Moderate: gnutls and nettle security, bug fix, and enhancement update

ELBA-2022-6851 Oracle Linux 7 copy-jdk-configs can remove empty dirs in etc if rogue symlink is placed in jdk (aarch64)

ASA-202210-1: linux-hardened: multiple issues

ALSA-2022:6854 Moderate: gnutls and nettle security, bug fix, and enhancement update

ALSA-2022:6854 Moderate: gnutls and nettle security, bug fix, and enhancement update

Windows

Linux

macOS

Community