RLSA-2021:1206

Source
https://errata.rockylinux.org/RLSA-2021:1206
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2021:1206.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2021:1206
Published
2021-04-14T20:07:45Z
Modified
2023-02-02T14:09:11.784031Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Important: gnutls and nettle security update
Details

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Nettle is a cryptographic library that is designed to fit easily in almost any context: in crypto toolkits for object-oriented languages such as C++, Python, or Pike; in applications like LSH or GnuPG; or even in kernel space.

Security Fix(es):

  • nettle: Out of bounds memory access in signature verification (CVE-2021-20305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / gnutls

Package

Name
gnutls
Purl
pkg:rpm/rocky-linux/gnutls?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.6.14-8.el8_3

Rocky Linux:8 / nettle

Package

Name
nettle
Purl
pkg:rpm/rocky-linux/nettle?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.4.1-4.el8_4