RLSA-2022:6854
- Source
- https://errata.rockylinux.org/RLSA-2022:6854
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2022:6854.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2022:6854
- Related
- Published
- 2022-10-11T07:10:20Z
- Modified
- 2023-02-02T13:56:34.083706Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Moderate: gnutls and nettle security, bug fix, and enhancement update
- Details
-
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.
The following packages have been upgraded to a later upstream version: gnutls (3.7.6), nettle (3.8).
Security Fix(es):
- gnutls: Double free during gnutlspkcs7verify. (CVE-2022-2509)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
[IBM 9.1] [P10] POWER10 performance enhancements for cryptography: nettle - incremental work (BZ#2102589)
Allow enabling KTLS in Rocky Linux 9.1 (BZ#2108532)
DES-CBC bag is decryptable under FIPS (BZ#2115314)
allow signature verification using RSA keys <2k in FIPS mode (BZ#2119770)
- References
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-