gfbgraph-0.2.4-1.el8.ML.1

Errata ID: AXSA:2022-3332:02

Release date: Friday, July 1, 2022 - 07:07
Subject: gfbgraph-0.2.4-1.el8.ML.1
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

GLib/GObject wrapper for the Facebook Graph API that integrates with GNOME
Online Accounts.

The following packages have been upgraded to a later upstream version: gfbgraph
(0.2.4). (BZ#1997941)

Security Fix(es):

* gfbgraph: missing TLS certificate verification (CVE-2021-39358)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise
Linux 8.6 Release Notes linked from the References section.

CVE-2021-39358
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS
certificate verification on the SoupSessionSync objects it creates, leaving
users vulnerable to network MITM attacks. NOTE: this is similar to
CVE-2016-20011.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. gfbgraph-0.2.4-1.el8.ML.1.src.rpm
    MD5: 885816254281a0da2e923df8f9ae9e56
    SHA-256: 0ac9b3f69bc03e61d46fec8bd5ed8399027d59946b2ced023764cdebf85f130d
    Size: 49.71 kB

Asianux Server 8 for x86_64
  1. gfbgraph-0.2.4-1.el8.ML.1.x86_64.rpm
    MD5: f33ef50c6d760168b895d29f6b8211ac
    SHA-256: 7f70e7f6d6a6c5590380ccdb485adc7038ced1a69ef6d6849d50b5375334ed44
    Size: 40.39 kB
  2. gfbgraph-0.2.4-1.el8.ML.1.i686.rpm
    MD5: f868df6cb88e23ef5ba9685db1608eeb
    SHA-256: 5d4a05a7edde1f3ef63e1e8652a9999c064ba3a397c0bdf5e5a673d69bb9f7d3
    Size: 41.43 kB