gnutls-3.6.16-4.el8, nettle-3.4.1-7.el8

エラータID: AXSA:2021-2630:02

Release date: 
Sunday, December 12, 2021 - 03:26
Subject: 
gnutls-3.6.16-4.el8, nettle-3.4.1-7.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

The following packages have been upgraded to a later upstream version: gnutls (3.6.16).

Security Fix(es):

* nettle: Remote crash in RSA decryption via manipulated ciphertext (CVE-2021-3580)
* gnutls: Use after free in client key_share extension (CVE-2021-20231)
* gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c (CVE-2021-20232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-20231
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
CVE-2021-20232
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
CVE-2021-3580
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

Solution: 

Update packages.

CVEs: 
CVE-2021-20231
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
CVE-2021-20232
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
CVE-2021-3580
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
Additional Info: 

N/A

Download: 

SRPMS
  1. gnutls-3.6.16-4.el8.src.rpm
    MD5: 2d3cbe988700b376d65205ca2f91978e
    SHA-256: cc874af227009aa738f3ec33f260cfb1a89b42e3686dc9bb225e62efc8e32afe
    Size: 5.48 MB
  2. nettle-3.4.1-7.el8.src.rpm
    MD5: 5fcb1cfc3bdff428682de175aebf6a0e
    SHA-256: 5364991ee248794dc79de3604c1013fa01e998b4337d14712c5c15e21d5e648f
    Size: 1.40 MB

Asianux Server 8 for x86_64
  1. gnutls-3.6.16-4.el8.x86_64.rpm
    MD5: 5b409d3a21aab9e100781c9e8bee1c69
    SHA-256: bfd12320d8ea9a43b9d90422408bd97c7a55107277ff63376cf0053dc38b1915
    Size: 0.99 MB
  2. gnutls-c++-3.6.16-4.el8.x86_64.rpm
    MD5: c17e158e8615c67af67f70d373aba275
    SHA-256: 3bf60769c9212bc83a5330d2a8beff730b27ee817255d0a74393ef4fcba8042b
    Size: 47.75 kB
  3. gnutls-dane-3.6.16-4.el8.x86_64.rpm
    MD5: d90ba709cf981d2100fc4aad9f3b49a0
    SHA-256: 8cb03863afc5e5b6dab85bbaf873291fc8527450a22057449a40999084957322
    Size: 51.05 kB
  4. gnutls-devel-3.6.16-4.el8.x86_64.rpm
    MD5: bcfbd7b353c62da8957cdbe57c44d1ce
    SHA-256: d6657350cd000db281c5efbfa3130bfc16efe6975d012bb34e23b39150191f4a
    Size: 2.18 MB
  5. gnutls-utils-3.6.16-4.el8.x86_64.rpm
    MD5: 3acbf59a1065d73ec80a957ae7c82de7
    SHA-256: ff647fc7fa6ed1f3505b4062298d0b84b17e2365d39614e22f3987bb72251fce
    Size: 347.25 kB
  6. nettle-3.4.1-7.el8.x86_64.rpm
    MD5: 07f75d2a56f999298d8e0c7a8d6cadd0
    SHA-256: 0571acdf7c4fef0f0739bb54728bd19b45ca5cd7d4647e98fecc4d2a8d2c2114
    Size: 299.96 kB
  7. nettle-devel-3.4.1-7.el8.x86_64.rpm
    MD5: 3b37a59bbae4f8a3aaa5d9c978280b08
    SHA-256: b1a8aef6e920ba952b377217310edecd54be7fc0abc8dc5c60bc5d73a47ba4ac
    Size: 635.16 kB
  8. gnutls-3.6.16-4.el8.i686.rpm
    MD5: 136ab4d1b6fc27006b19686cff964837
    SHA-256: b2dad8fdba744bc608375b4c090bc7a1659193c5341994a1d968745706f62dbd
    Size: 1.01 MB
  9. gnutls-c++-3.6.16-4.el8.i686.rpm
    MD5: 42a22e323a2eb81512a570e8d65746e1
    SHA-256: ace6d5fa370a96d56c926a1a11adf8cd4403dbaa2a66cf048314ff274f47cb04
    Size: 48.81 kB
  10. gnutls-dane-3.6.16-4.el8.i686.rpm
    MD5: f20ef9e2a26cc2bd71805f66b9be2f5b
    SHA-256: 42a6ac20faea15c32db2938db4482689cddd6900b1826c69a3cb9c995ece33d4
    Size: 51.89 kB
  11. gnutls-devel-3.6.16-4.el8.i686.rpm
    MD5: 352dc44e694592d71be729382681b34b
    SHA-256: 9da6a552176db2ded7cf328b379f87798a1039c256bf6ff97786b37c32ed5314
    Size: 2.18 MB
  12. nettle-3.4.1-7.el8.i686.rpm
    MD5: 8fc22f66519b2fa8292a980adca542a6
    SHA-256: 1f7f40b7ed0361b9fa71dcae2755239380e7f50dd6ea91b8d558c8aa9caa843a
    Size: 319.97 kB
  13. nettle-devel-3.4.1-7.el8.i686.rpm
    MD5: 18ed76c1deb9b0f0e8e2eae58f38931a
    SHA-256: 0b286fac98c16837c5d37f6186ef7333998935d110810239e1d0a8559636e23a
    Size: 635.18 kB