[ALSA-2021:4451] Moderate: gnutls and nettle security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2021-11-12
Description:
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

The following packages have been upgraded to a later upstream version: gnutls (3.6.16). (BZ#1956783)

Security Fix(es):

* nettle: Remote crash in RSA decryption via manipulated ciphertext (CVE-2021-3580)
* gnutls: Use after free in client key_share extension (CVE-2021-20231)
* gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c (CVE-2021-20232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 gnutls-devel-3.6.16-4.el8.aarch64.rpm 11672a50cf19e968908a94675231efafabf63e832bccecb05b0c25d02abc73d3
aarch64 gnutls-3.6.16-4.el8.aarch64.rpm 22e254285c6d06fce13c403e01a4c947ead7576505645a6f69e9998133797d3e
aarch64 gnutls-utils-3.6.16-4.el8.aarch64.rpm 709299263ced2a3eea74511eb317ec86f3a37be5f5e3016dadb53ba71d723de8
aarch64 gnutls-c++-3.6.16-4.el8.aarch64.rpm a83c417b75b985a07f7b6ce98aafbc56d0236e25cc97423154472885b7396360
aarch64 gnutls-dane-3.6.16-4.el8.aarch64.rpm a9f7a2803365f5491cb6ae1dcb9ae4eda92f49e450c058dbf381f7446804bd8d
aarch64 nettle-3.4.1-7.el8.aarch64.rpm cbdbfd1b9e97a628f2c2409f3c64883a86d7b25a4dbf7ea21ac3ca476098ab7b
aarch64 nettle-devel-3.4.1-7.el8.aarch64.rpm f4db41e0b6ff5fe5c4af34b46b89e1a3fe97342705e47dbbf9b546210d50ee0b
i686 gnutls-c++-3.6.16-4.el8.i686.rpm 790d89a33282ebed5a8df3fb79eff091d7ee86da1a899928b18b0c4716fa71c1
i686 nettle-devel-3.4.1-7.el8.i686.rpm 8c55b0464d22397a76c947e2a4c0d09584f60133332cbb3937c3a851046074d4
i686 gnutls-devel-3.6.16-4.el8.i686.rpm ba1006a8b7d997e04d59459827adbd871c46b4d614efe03859137f6da12651b3
i686 gnutls-dane-3.6.16-4.el8.i686.rpm c94fa8ceeea36419f1336b83b55880b3b29d2682cd4bcd718154a5869c04227a
ppc64le nettle-devel-3.4.1-7.el8.ppc64le.rpm 2543c570f95fae8bf3661c856e18d9c2b681c1092ed9d73a2c519f823a730911
ppc64le gnutls-devel-3.6.16-4.el8.ppc64le.rpm 32e1fcf7cbbd1fb08432a678f1a6e3dd754aa7e0a203a683ed550789c6f92d7f
ppc64le gnutls-utils-3.6.16-4.el8.ppc64le.rpm 3d390dc4001af074d803b661db5531b37c1ee940287afa3e1f730dd20879815e
ppc64le gnutls-c++-3.6.16-4.el8.ppc64le.rpm 895b7e3b5b3070386e82d21439bb1f21dd7b558f4e45eb72690f6f5a5ddfe4c7
ppc64le gnutls-dane-3.6.16-4.el8.ppc64le.rpm 8d7c7116b6ab5eb5e914d374a7e0f05a5855caee48889e69b02b4a488ac18d97
ppc64le nettle-3.4.1-7.el8.ppc64le.rpm caa065d42ba1f79cae09f7eaa88216dba8f1f12d3439901ac46eee83616be5b4
ppc64le gnutls-3.6.16-4.el8.ppc64le.rpm ef3a0cee63b8a37de0e10cb0f3a5dc0841b0619028fec4c9a5c7ea0554b6c08b
x86_64 gnutls-3.6.16-4.el8.x86_64.rpm 101b56ef82aaf753f6c9f3a4ae82892c4d726a1beafd80301cf3056a938edb8d
x86_64 gnutls-devel-3.6.16-4.el8.x86_64.rpm 7671fb0d5006ba5d5a39405d942e72926a9cdb0820632e58c81c74ab5f469e8d
x86_64 gnutls-c++-3.6.16-4.el8.x86_64.rpm 92b0588feac9b9fa447feb1e49aab637d945f58c07010eba03b6aae661221147
x86_64 nettle-devel-3.4.1-7.el8.x86_64.rpm d222480bdf135a1b457a79e367654f10f41b237d8e936f98750547a8389978e8
x86_64 gnutls-dane-3.6.16-4.el8.x86_64.rpm d5f665a3f66e1e390079605cf02b4ae546a04ffaa274e3e4fcc4c2efa7915230
x86_64 gnutls-utils-3.6.16-4.el8.x86_64.rpm f344b41cd85c07b436434d082893d00e2772874ab858dc2d2bb2e149ad605c2d
x86_64 nettle-3.4.1-7.el8.x86_64.rpm fb4aaa22b2e2f2fc0c451b87ac464e8746d240397d64e79f6bfd38f4e9128a5a
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.