Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#14750 closed enhancement (fixed)

gnutls-3.7.1 (CVE-2021-20231,20232)

Reported by: Bruce Dubbs Owned by: Xi Ruoyao
Priority: elevated Milestone: 11.0
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version.

Change History (4)

comment:1 by Xi Ruoyao, 3 years ago

Owner: changed from blfs-book to Xi Ruoyao
Priority: normalelevated
Status: newassigned
Summary: gnutls-3.7.1gnutls-3.7.1 (CVE-2021-20231,20232)
* Version 3.7.1 (released 2021-03-10)

** libgnutls: Fixed potential use-after-free in sending "key_share"
   and "pre_shared_key" extensions. When sending those extensions, the
   client may dereference a pointer no longer valid after
   realloc. This happens only when the client sends a large Client
   Hello message, e.g., when HRR is sent in a resumed session
   previously negotiated large FFDHE parameters, because the initial
   allocation of the buffer is large enough without having to call
   realloc (#1151).  [GNUTLS-SA-2021-03-10, CVSS: low]

** libgnutls: Fixed a regression in handling duplicated certs in a
   chain (#1131).

** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox
   compatibiltiy mode. In that mode the client shall always send a
   non-zero session ID to make the handshake resemble the TLS 1.2
   resumption; this was not true in the previous versions (#1074).

** libgnutls: W32 performance improvement with a new sendmsg()-like
   transport implementation (!1377).

** libgnutls: Removed dependency on the external 'fipscheck' package,
   when compiled with --enable-fips140-mode (#1101).

** libgnutls: Added padlock acceleration for AES-192-CBC (#1004).

** API and ABI modifications:
No changes since last version.

comment:2 by Xi Ruoyao, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r24360.

comment:3 by Xi Ruoyao, 3 years ago

BLFS-SA-10.1-004 has been added for this.

comment:4 by Bruce Dubbs, 3 years ago

Milestone: 10.211.0

Milestone renamed

Note: See TracTickets for help on using tickets.