AlmaLinux 2325 Published by

A gnutls and nettle security, bug fix, and enhancement update has been released for AlmaLinux 9.



ALSA-2022:6854 Moderate: gnutls and nettle security, bug fix, and enhancement update


Type:
security

Severity:
moderate

Release date:
2022-10-13

Description
Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.
The following packages have been upgraded to a later upstream version: gnutls (3.7.6), nettle (3.8).
Security Fix(es):
* gnutls: Double free during gnutls_pkcs7_verify. (CVE-2022-2509)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* IBM 9.1 P10 POWER10 performance enhancements for cryptography: nettle - incremental work (BZ#2102589)
* Allow enabling KTLS in AlmaLinux 9.1 (BZ#2108532)
* DES-CBC bag is decryptable under FIPS (BZ#2115314)
* allow signature verification using RSA keys

References:
RHSA-2022:6854
CVE-2022-2509
ALSA-2022:6854

Updates packages:
gnutls-dane-3.7.6-12.el9_0.i686.rpm
gnutls-c++-3.7.6-12.el9_0.i686.rpm
gnutls-utils-3.7.6-12.el9_0.x86_64.rpm
gnutls-devel-3.7.6-12.el9_0.i686.rpm
gnutls-devel-3.7.6-12.el9_0.ppc64le.rpm
gnutls-c++-3.7.6-12.el9_0.ppc64le.rpm
gnutls-dane-3.7.6-12.el9_0.ppc64le.rpm
gnutls-utils-3.7.6-12.el9_0.ppc64le.rpm
gnutls-c++-3.7.6-12.el9_0.aarch64.rpm
gnutls-utils-3.7.6-12.el9_0.aarch64.rpm
gnutls-devel-3.7.6-12.el9_0.aarch64.rpm
gnutls-dane-3.7.6-12.el9_0.aarch64.rpm
gnutls-dane-3.7.6-12.el9_0.s390x.rpm
gnutls-utils-3.7.6-12.el9_0.s390x.rpm
gnutls-devel-3.7.6-12.el9_0.s390x.rpm
gnutls-c++-3.7.6-12.el9_0.s390x.rpm
gnutls-3.7.6-12.el9_0.i686.rpm
gnutls-3.7.6-12.el9_0.ppc64le.rpm
gnutls-3.7.6-12.el9_0.aarch64.rpm
gnutls-3.7.6-12.el9_0.s390x.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2022:6854 Moderate: gnutls and nettle security, bug fix, and enhancement update