gnutls-3.6.14-7.0.1.el8

エラータID: AXSA:2021-1156:01

Release date: 
Thursday, January 14, 2021 - 04:51
Subject: 
gnutls-3.6.14-7.0.1.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* gnutls: Add self-tests for implemented KDF algorithms and CMAC (BZ#1903037)

CVE-2020-24659
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. gnutls-3.6.14-7.0.1.el8.src.rpm
    MD5: dea30735d2f1e1f4612e882bfea40891
    SHA-256: 56f8045fc5180aa4221de6974676154ac570ebb8b30bdf951fc980b074fc3b60
    Size: 5.91 MB

Asianux Server 8 for x86_64
  1. gnutls-3.6.14-7.0.1.el8.x86_64.rpm
    MD5: e9cd74dd89e04d26ded4aa1beaf67daa
    SHA-256: a8ffa484b769c65bb58de2eae0b9bc30875645e2548c52ea5a93b0947e05293e
    Size: 0.99 MB
  2. gnutls-c++-3.6.14-7.0.1.el8.x86_64.rpm
    MD5: 6cf88f1f4f56bfab978ebae780b00cc4
    SHA-256: 5196c4506837ca6f95a4e882f54ba7ef87eba2ab29edadd7971d0796477a585d
    Size: 47.06 kB
  3. gnutls-dane-3.6.14-7.0.1.el8.x86_64.rpm
    MD5: 1b388837a4b7af93cf9df0fdb519c76c
    SHA-256: d6a7e396240f79e15bc72f314407c051fda198ecbce3764063a12690dca95b46
    Size: 50.28 kB
  4. gnutls-devel-3.6.14-7.0.1.el8.x86_64.rpm
    MD5: d2b171d83ca80616d83d1799e7e2b17c
    SHA-256: e9d2f7d2327dfc77bd77ec097e58b2a749da71dec935323413c7c3547d666c55
    Size: 2.18 MB
  5. gnutls-utils-3.6.14-7.0.1.el8.x86_64.rpm
    MD5: a3cbc58d51c6ae24c3222c36c4f13f69
    SHA-256: e070190228ae2301db17225dfea8b625e3a05da5954a2ff2b7ed3c52182bedaa
    Size: 346.28 kB
  6. gnutls-3.6.14-7.0.1.el8.i686.rpm
    MD5: 76990254b07544cbcf0652b8eafeb9ef
    SHA-256: dee2af7f647df1b2451c1ff850840190b889c5288c93eebdc1f71ba48c2dd436
    Size: 1.00 MB
  7. gnutls-c++-3.6.14-7.0.1.el8.i686.rpm
    MD5: de9dd0d3c1e80323e23ec6dc8e45df3e
    SHA-256: 7a1f62f456014895afa61ab49c2a087aeed6d34c4d39eba92374093ed0ebe198
    Size: 48.14 kB
  8. gnutls-dane-3.6.14-7.0.1.el8.i686.rpm
    MD5: d526d38a0442b3a92d0f281dc7f13605
    SHA-256: cdeea12afacb7cf2ad4a666f3244602f82565b3005f54a40ed8e6fe555d58484
    Size: 51.20 kB
  9. gnutls-devel-3.6.14-7.0.1.el8.i686.rpm
    MD5: 81d22fd9b95ddfc2d85cad278561dfc3
    SHA-256: 3c62989df627bd6dd34e203d445793fde6afbd0e34888f68c8523fb44b929cd8
    Size: 2.18 MB