openSUSE-SU-2020:0501-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0501-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:0501-1
Related
Published
2020-04-11T12:16:14Z
Modified
2025-05-07T18:11:19.313282Z
Upstream
Summary
Security update for gmp, gnutls, libnettle
Details

This update for gmp, gnutls, libnettle fixes the following issues:

Security issue fixed:

  • CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)

FIPS related bugfixes:

  • FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
  • FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881)
  • FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)

This update was imported from the SUSE:SLE-15:Update update project.

References

Affected packages

openSUSE:Leap 15.1 / gmp

Package

Name
gmp
Purl
pkg:rpm/opensuse/gmp&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.2-lp151.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "libhogweed4": "3.4.1-lp151.2.3.2",
            "libnettle6-32bit": "3.4.1-lp151.2.3.2",
            "gnutls": "3.6.7-lp151.2.6.1",
            "gnutls-guile": "3.6.7-lp151.2.6.1",
            "libnettle6": "3.4.1-lp151.2.3.2",
            "libgnutls-devel": "3.6.7-lp151.2.6.1",
            "libgmpxx4-32bit": "6.1.2-lp151.4.3.1",
            "libgnutls30-hmac": "3.6.7-lp151.2.6.1",
            "libgnutls30": "3.6.7-lp151.2.6.1",
            "libgmp10-32bit": "6.1.2-lp151.4.3.1",
            "libgnutls30-32bit": "3.6.7-lp151.2.6.1",
            "libgnutlsxx28": "3.6.7-lp151.2.6.1",
            "gmp-devel-32bit": "6.1.2-lp151.4.3.1",
            "libhogweed4-32bit": "3.4.1-lp151.2.3.2",
            "libgnutlsxx-devel": "3.6.7-lp151.2.6.1",
            "libgnutls-dane0": "3.6.7-lp151.2.6.1",
            "libnettle-devel": "3.4.1-lp151.2.3.2",
            "gmp-devel": "6.1.2-lp151.4.3.1",
            "libgnutls-dane-devel": "3.6.7-lp151.2.6.1",
            "libgmp10": "6.1.2-lp151.4.3.1",
            "libnettle-devel-32bit": "3.4.1-lp151.2.3.2",
            "libgnutls30-hmac-32bit": "3.6.7-lp151.2.6.1",
            "libgmpxx4": "6.1.2-lp151.4.3.1",
            "libgnutls-devel-32bit": "3.6.7-lp151.2.6.1",
            "nettle": "3.4.1-lp151.2.3.2"
        }
    ]
}

openSUSE:Leap 15.1 / gnutls

Package

Name
gnutls
Purl
pkg:rpm/opensuse/gnutls&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.7-lp151.2.6.1

Ecosystem specific 

{
    "binaries": [
        {
            "libhogweed4": "3.4.1-lp151.2.3.2",
            "libnettle6-32bit": "3.4.1-lp151.2.3.2",
            "gnutls": "3.6.7-lp151.2.6.1",
            "gnutls-guile": "3.6.7-lp151.2.6.1",
            "libnettle6": "3.4.1-lp151.2.3.2",
            "libgnutls-devel": "3.6.7-lp151.2.6.1",
            "libgmpxx4-32bit": "6.1.2-lp151.4.3.1",
            "libgnutls30-hmac": "3.6.7-lp151.2.6.1",
            "libgnutls30": "3.6.7-lp151.2.6.1",
            "libgmp10-32bit": "6.1.2-lp151.4.3.1",
            "libgnutls30-32bit": "3.6.7-lp151.2.6.1",
            "libgnutlsxx28": "3.6.7-lp151.2.6.1",
            "gmp-devel-32bit": "6.1.2-lp151.4.3.1",
            "libhogweed4-32bit": "3.4.1-lp151.2.3.2",
            "libgnutlsxx-devel": "3.6.7-lp151.2.6.1",
            "libgnutls-dane0": "3.6.7-lp151.2.6.1",
            "libnettle-devel": "3.4.1-lp151.2.3.2",
            "gmp-devel": "6.1.2-lp151.4.3.1",
            "libgnutls-dane-devel": "3.6.7-lp151.2.6.1",
            "libgmp10": "6.1.2-lp151.4.3.1",
            "libnettle-devel-32bit": "3.4.1-lp151.2.3.2",
            "libgnutls30-hmac-32bit": "3.6.7-lp151.2.6.1",
            "libgmpxx4": "6.1.2-lp151.4.3.1",
            "libgnutls-devel-32bit": "3.6.7-lp151.2.6.1",
            "nettle": "3.4.1-lp151.2.3.2"
        }
    ]
}

openSUSE:Leap 15.1 / libnettle

Package

Name
libnettle
Purl
pkg:rpm/opensuse/libnettle&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.1-lp151.2.3.2

Ecosystem specific 

{
    "binaries": [
        {
            "libhogweed4": "3.4.1-lp151.2.3.2",
            "libnettle6-32bit": "3.4.1-lp151.2.3.2",
            "gnutls": "3.6.7-lp151.2.6.1",
            "gnutls-guile": "3.6.7-lp151.2.6.1",
            "libnettle6": "3.4.1-lp151.2.3.2",
            "libgnutls-devel": "3.6.7-lp151.2.6.1",
            "libgmpxx4-32bit": "6.1.2-lp151.4.3.1",
            "libgnutls30-hmac": "3.6.7-lp151.2.6.1",
            "libgnutls30": "3.6.7-lp151.2.6.1",
            "libgmp10-32bit": "6.1.2-lp151.4.3.1",
            "libgnutls30-32bit": "3.6.7-lp151.2.6.1",
            "libgnutlsxx28": "3.6.7-lp151.2.6.1",
            "gmp-devel-32bit": "6.1.2-lp151.4.3.1",
            "libhogweed4-32bit": "3.4.1-lp151.2.3.2",
            "libgnutlsxx-devel": "3.6.7-lp151.2.6.1",
            "libgnutls-dane0": "3.6.7-lp151.2.6.1",
            "libnettle-devel": "3.4.1-lp151.2.3.2",
            "gmp-devel": "6.1.2-lp151.4.3.1",
            "libgnutls-dane-devel": "3.6.7-lp151.2.6.1",
            "libgmp10": "6.1.2-lp151.4.3.1",
            "libnettle-devel-32bit": "3.4.1-lp151.2.3.2",
            "libgnutls30-hmac-32bit": "3.6.7-lp151.2.6.1",
            "libgmpxx4": "6.1.2-lp151.4.3.1",
            "libgnutls-devel-32bit": "3.6.7-lp151.2.6.1",
            "nettle": "3.4.1-lp151.2.3.2"
        }
    ]
}