gnutls-3.4.15-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10105 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gnutls-3.4.15-1.1 on GA media These are all security issues fixed in the gnutls-3.4.15-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10105 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10105 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2008-4989/ SUSE CVE CVE-2008-4989 page https://www.suse.com/security/cve/CVE-2011-4128/ SUSE CVE CVE-2011-4128 page https://www.suse.com/security/cve/CVE-2012-0390/ SUSE CVE CVE-2012-0390 page https://www.suse.com/security/cve/CVE-2012-1569/ SUSE CVE CVE-2012-1569 page https://www.suse.com/security/cve/CVE-2012-1573/ SUSE CVE CVE-2012-1573 page https://www.suse.com/security/cve/CVE-2014-0092/ SUSE CVE CVE-2014-0092 page https://www.suse.com/security/cve/CVE-2014-1959/ SUSE CVE CVE-2014-1959 page https://www.suse.com/security/cve/CVE-2014-3466/ SUSE CVE CVE-2014-3466 page https://www.suse.com/security/cve/CVE-2014-8564/ SUSE CVE CVE-2014-8564 page https://www.suse.com/security/cve/CVE-2015-6251/ SUSE CVE CVE-2015-6251 page openSUSE Tumbleweed gnutls-3.4.15-1.1 gnutls-guile-3.4.15-1.1 libgnutls-dane-devel-3.4.15-1.1 libgnutls-dane0-3.4.15-1.1 libgnutls-devel-3.4.15-1.1 libgnutls-devel-32bit-3.4.15-1.1 libgnutls-openssl-devel-3.4.15-1.1 libgnutls-openssl27-3.4.15-1.1 libgnutls30-3.4.15-1.1 libgnutls30-32bit-3.4.15-1.1 libgnutlsxx-devel-3.4.15-1.1 libgnutlsxx28-3.4.15-1.1 gnutls-3.4.15-1.1 as a component of openSUSE Tumbleweed gnutls-guile-3.4.15-1.1 as a component of openSUSE Tumbleweed libgnutls-dane-devel-3.4.15-1.1 as a component of openSUSE Tumbleweed libgnutls-dane0-3.4.15-1.1 as a component of openSUSE Tumbleweed libgnutls-devel-3.4.15-1.1 as a component of openSUSE Tumbleweed libgnutls-devel-32bit-3.4.15-1.1 as a component of openSUSE Tumbleweed libgnutls-openssl-devel-3.4.15-1.1 as a component of openSUSE Tumbleweed libgnutls-openssl27-3.4.15-1.1 as a component of openSUSE Tumbleweed libgnutls30-3.4.15-1.1 as a component of openSUSE Tumbleweed libgnutls30-32bit-3.4.15-1.1 as a component of openSUSE Tumbleweed libgnutlsxx-devel-3.4.15-1.1 as a component of openSUSE Tumbleweed libgnutlsxx28-3.4.15-1.1 as a component of openSUSE Tumbleweed The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). CVE-2008-4989 openSUSE Tumbleweed:gnutls-3.4.15-1.1 openSUSE Tumbleweed:gnutls-guile-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane0-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl27-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx28-3.4.15-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-4989.html CVE-2008-4989 https://bugzilla.suse.com/392947 SUSE Bug 392947 https://bugzilla.suse.com/441856 SUSE Bug 441856 https://bugzilla.suse.com/467911 SUSE Bug 467911 Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. CVE-2011-4128 openSUSE Tumbleweed:gnutls-3.4.15-1.1 openSUSE Tumbleweed:gnutls-guile-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane0-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl27-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx28-3.4.15-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4128.html CVE-2011-4128 https://bugzilla.suse.com/729486 SUSE Bug 729486 The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. CVE-2012-0390 openSUSE Tumbleweed:gnutls-3.4.15-1.1 openSUSE Tumbleweed:gnutls-guile-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane0-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl27-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx28-3.4.15-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0390.html CVE-2012-0390 https://bugzilla.suse.com/739898 SUSE Bug 739898 The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. CVE-2012-1569 openSUSE Tumbleweed:gnutls-3.4.15-1.1 openSUSE Tumbleweed:gnutls-guile-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane0-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl27-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx28-3.4.15-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1569.html CVE-2012-1569 https://bugzilla.suse.com/752193 SUSE Bug 752193 https://bugzilla.suse.com/753301 SUSE Bug 753301 https://bugzilla.suse.com/924966 SUSE Bug 924966 gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. CVE-2012-1573 openSUSE Tumbleweed:gnutls-3.4.15-1.1 openSUSE Tumbleweed:gnutls-guile-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane0-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl27-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx28-3.4.15-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1573.html CVE-2012-1573 https://bugzilla.suse.com/752193 SUSE Bug 752193 https://bugzilla.suse.com/754223 SUSE Bug 754223 lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVE-2014-0092 openSUSE Tumbleweed:gnutls-3.4.15-1.1 openSUSE Tumbleweed:gnutls-guile-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane0-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl27-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx28-3.4.15-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0092.html CVE-2014-0092 https://bugzilla.suse.com/865804 SUSE Bug 865804 https://bugzilla.suse.com/915878 SUSE Bug 915878 lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. CVE-2014-1959 openSUSE Tumbleweed:gnutls-3.4.15-1.1 openSUSE Tumbleweed:gnutls-guile-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane0-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl27-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx28-3.4.15-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1959.html CVE-2014-1959 https://bugzilla.suse.com/863989 SUSE Bug 863989 https://bugzilla.suse.com/865993 SUSE Bug 865993 Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. CVE-2014-3466 openSUSE Tumbleweed:gnutls-3.4.15-1.1 openSUSE Tumbleweed:gnutls-guile-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane0-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl27-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx28-3.4.15-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3466.html CVE-2014-3466 https://bugzilla.suse.com/880730 SUSE Bug 880730 The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. CVE-2014-8564 openSUSE Tumbleweed:gnutls-3.4.15-1.1 openSUSE Tumbleweed:gnutls-guile-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane0-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl27-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx28-3.4.15-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8564.html CVE-2014-8564 https://bugzilla.suse.com/904603 SUSE Bug 904603 Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. CVE-2015-6251 openSUSE Tumbleweed:gnutls-3.4.15-1.1 openSUSE Tumbleweed:gnutls-guile-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-dane0-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-devel-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutls-openssl27-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-3.4.15-1.1 openSUSE Tumbleweed:libgnutls30-32bit-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx-devel-3.4.15-1.1 openSUSE Tumbleweed:libgnutlsxx28-3.4.15-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-6251.html CVE-2015-6251 https://bugzilla.suse.com/941794 SUSE Bug 941794