SUSE-SU-2020:0948-2

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2020/suse-su-20200948-2/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0948-2.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2020:0948-2
Upstream
Related
Published
2022-07-13T16:17:58Z
Modified
2026-01-30T00:41:22.034932Z
Summary
Security update for gmp, gnutls, libnettle
Details

This update for gmp, gnutls, libnettle fixes the following issues:

Security issue fixed:

  • CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)

FIPS related bugfixes:

  • FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
  • FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881)
  • FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)
References

Affected packages

SUSE:Linux Enterprise Module for Certifications 15 SP3
gmp

Package

Name
gmp
Purl
pkg:rpm/suse/gmp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Certifications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.2-4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "libgmpxx4-32bit": "6.1.2-4.3.1",
            "gmp-devel-32bit": "6.1.2-4.3.1",
            "nettle": "3.4.1-4.12.1",
            "libnettle-devel-32bit": "3.4.1-4.12.1",
            "libnettle6-32bit": "3.4.1-4.12.1",
            "libnettle6": "3.4.1-4.12.1",
            "gmp-devel": "6.1.2-4.3.1",
            "libgmp10": "6.1.2-4.3.1",
            "libhogweed4": "3.4.1-4.12.1",
            "libnettle-devel": "3.4.1-4.12.1",
            "libgmp10-32bit": "6.1.2-4.3.1",
            "libhogweed4-32bit": "3.4.1-4.12.1",
            "libgmpxx4": "6.1.2-4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0948-2.json"
libnettle

Package

Name
libnettle
Purl
pkg:rpm/suse/libnettle&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Certifications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.1-4.12.1

Ecosystem specific 

{
    "binaries": [
        {
            "libgmpxx4-32bit": "6.1.2-4.3.1",
            "gmp-devel-32bit": "6.1.2-4.3.1",
            "nettle": "3.4.1-4.12.1",
            "libnettle-devel-32bit": "3.4.1-4.12.1",
            "libnettle6-32bit": "3.4.1-4.12.1",
            "libnettle6": "3.4.1-4.12.1",
            "gmp-devel": "6.1.2-4.3.1",
            "libgmp10": "6.1.2-4.3.1",
            "libhogweed4": "3.4.1-4.12.1",
            "libnettle-devel": "3.4.1-4.12.1",
            "libgmp10-32bit": "6.1.2-4.3.1",
            "libhogweed4-32bit": "3.4.1-4.12.1",
            "libgmpxx4": "6.1.2-4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0948-2.json"