grilo-0.3.6-3.el8

エラータID: AXSA:2021-2701:01

Release date: 
Monday, December 13, 2021 - 08:44
Subject: 
grilo-0.3.6-3.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Grilo is a framework that provides access to different sources of multimedia
content, using a pluggable system. The grilo package contains the core library
and elements.

Security Fix(es):

* grilo: missing TLS certificate verification (CVE-2021-39365)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-39365
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate
verification on the SoupSessionAsync objects it creates, leaving users
vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Solution: 

Update packages.

CVEs: 
CVE-2021-39365

Additional Info: 

N/A

Download: 

SRPMS
  1. grilo-0.3.6-3.el8.src.rpm
    MD5: ae9e9e01c64efc14faea5f6b431dc3c1
    SHA-256: f4022735577c49f37a11753d5f297dd7f23b9fc255e26b5984a2b45efae4f99c
    Size: 655.09 kB

Asianux Server 8 for x86_64
  1. grilo-0.3.6-3.el8.x86_64.rpm
    MD5: fc5e32acf5f92cb6043f3e8bf3523fec
    SHA-256: d0cd030ada6f93d6c1b67d5a51e5ed2e29f46157d401783582ffe854ecc65e4c
    Size: 218.70 kB
  2. grilo-devel-0.3.6-3.el8.x86_64.rpm
    MD5: c17d5494480ce6aa8818604ac7a9a6e7
    SHA-256: db763a5777a8c407f80f43742630e3351af43109288d7458b00d9943589c53af
    Size: 170.54 kB
  3. grilo-0.3.6-3.el8.i686.rpm
    MD5: 28aae8df785162034334e8453ebaa140
    SHA-256: 5e1a6071f36ed699e0efae4e7f44be8051bdf196e83394e393fd6209152f3736
    Size: 226.77 kB
  4. grilo-devel-0.3.6-3.el8.i686.rpm
    MD5: 9fd68c0db786ab66a73df748ab87a14f
    SHA-256: a77cb840f29d6c5c3db7cbdb48cc64e1bfbffcf0d0a6016cada04e8f07837ce5
    Size: 170.53 kB