ELSA-2022-6854

ULN >
Oracle Linux Errata repository >
ELSA-2022-6854

ELSA-2022-6854 - gnutls and nettle security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2022-10-11

Description

gnutls
[3.7.6-12]
- fips: mark PBKDF2 with short key and output sizes non-approved
- fips: only mark HMAC as approved in PBKDF2
- fips: mark gnutls_key_generate with short key sizes non-approved
- fips: fix checking on hash algorithm used in ECDSA
- fips: preserve operation context around FIPS selftests API

[3.7.6-11]
- Supply --with{,out}-{zlib,brotli,zstd} explicitly

[3.7.6-10]
- Revert nettle version pinning as it doesn't work well in side-tag

[3.7.6-9]
- Pin nettle version in Requires when compiled with FIPS

[3.7.6-8]
- Bundle GMP to privatize memory functions
- Disable certificate compression support by default

[3.7.6-7]
- Update gnutls-3.7.6-cpuid-fixes.patch

[3.7.6-6]
- Mark RSA SigVer operation approved for known modulus sizes (#2119770)
- accelerated: clear AVX bits if it cannot be queried through XSAVE

[3.7.6-5]
- Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115314)
- sysrng: reseed source DRBG for prediction resistance

[3.7.6-4]
- Make gnutls-cli work with KTLS for testing
- Fix double-free in gnutls_pkcs7_verify (#2109789)

[3.7.6-3]
- Limit input size for AES-GCM according to SP800-38D (#2108635)
- Do not treat GPG verification errors as fatal
- Remove gnutls-3.7.6-libgnutlsxx-const.patch

[3.7.6-2]
- Allow enabling KTLS with config file (#2108532)

[3.7.6-1]
- Update to gnutls 3.7.6 (#2102591)

[3.7.3-10]
- Use only the first component of VERSION from /etc/os-release (#2076626)
- Don't run power-on self-tests on DSA (#2076627)

nettle
[3.8-3]
- Rebuild in new side-tag

[3.8-2]
- Bundle GMP to privatize memory functions
- Zeroize stack allocated intermediate data

[3.8-1]
- Update to nettle 3.8 (#2100350)

Related CVEs

CVE-2022-2509

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	gnutls-3.7.6-12.el9_0.src.rpm	9775a9447735b49c0533774c5bdea7f59f2973b4f8b75be2808f0ad9ed01b42d	-	ol9_aarch64_appstream
	gnutls-3.7.6-12.el9_0.src.rpm	9775a9447735b49c0533774c5bdea7f59f2973b4f8b75be2808f0ad9ed01b42d	-	ol9_aarch64_baseos_latest
	gnutls-3.7.6-12.el9_0.src.rpm	9775a9447735b49c0533774c5bdea7f59f2973b4f8b75be2808f0ad9ed01b42d	-	ol9_aarch64_u0_baseos_patch
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_aarch64_appstream
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_aarch64_appstream_developer
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_aarch64_baseos_developer
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_aarch64_baseos_latest
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_aarch64_u0_baseos_patch
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_aarch64_u1_baseos_base
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_aarch64_u2_baseos_base
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_aarch64_u3_baseos_base
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_aarch64_u3_security_validation
	gnutls-3.7.6-12.el9_0.aarch64.rpm	944a4672f60e6d4464d9cfaec08448c4d0ce2281b6c570b5e3f3a100456cdde7	-	ol9_aarch64_baseos_latest
	gnutls-3.7.6-12.el9_0.aarch64.rpm	944a4672f60e6d4464d9cfaec08448c4d0ce2281b6c570b5e3f3a100456cdde7	-	ol9_aarch64_u0_baseos_patch
	gnutls-c++-3.7.6-12.el9_0.aarch64.rpm	bea46ac0c375944c854967ef751f97316d24a5ea5c1d9919e60b11aa03adcb56	-	ol9_aarch64_appstream
	gnutls-dane-3.7.6-12.el9_0.aarch64.rpm	88311069feeb35c4835c705bc937d2909dcb34774e3a301be549ea8a09f9ce68	-	ol9_aarch64_appstream
	gnutls-devel-3.7.6-12.el9_0.aarch64.rpm	a681a412363bf45a061e1687ed05ab3e57c35c9d148c7f6d10304118979488ff	-	ol9_aarch64_appstream
	gnutls-utils-3.7.6-12.el9_0.aarch64.rpm	412b3ff30949d4526bbcf5aad2da92beb3f4cffa537d4c38cfcddff67a837f6a	-	ol9_aarch64_appstream
	nettle-3.8-3.el9_0.aarch64.rpm	9569a694b43f7e56a25100b03e0f52fdc11967b8f1137ad49fd589498b8a3004	-	ol9_aarch64_baseos_developer
	nettle-3.8-3.el9_0.aarch64.rpm	9569a694b43f7e56a25100b03e0f52fdc11967b8f1137ad49fd589498b8a3004	-	ol9_aarch64_baseos_latest
	nettle-3.8-3.el9_0.aarch64.rpm	9569a694b43f7e56a25100b03e0f52fdc11967b8f1137ad49fd589498b8a3004	-	ol9_aarch64_u0_baseos_patch
	nettle-3.8-3.el9_0.aarch64.rpm	9569a694b43f7e56a25100b03e0f52fdc11967b8f1137ad49fd589498b8a3004	-	ol9_aarch64_u1_baseos_base
	nettle-3.8-3.el9_0.aarch64.rpm	9569a694b43f7e56a25100b03e0f52fdc11967b8f1137ad49fd589498b8a3004	-	ol9_aarch64_u2_baseos_base
	nettle-3.8-3.el9_0.aarch64.rpm	9569a694b43f7e56a25100b03e0f52fdc11967b8f1137ad49fd589498b8a3004	-	ol9_aarch64_u3_baseos_base
	nettle-3.8-3.el9_0.aarch64.rpm	9569a694b43f7e56a25100b03e0f52fdc11967b8f1137ad49fd589498b8a3004	-	ol9_aarch64_u3_security_validation
	nettle-devel-3.8-3.el9_0.aarch64.rpm	9540b8ab32ca4181dffe2445f4c018b8d5a8e9829b5caeba2ce6ba5207587cd2	-	ol9_aarch64_appstream
	nettle-devel-3.8-3.el9_0.aarch64.rpm	9540b8ab32ca4181dffe2445f4c018b8d5a8e9829b5caeba2ce6ba5207587cd2	-	ol9_aarch64_appstream_developer
	nettle-devel-3.8-3.el9_0.aarch64.rpm	9540b8ab32ca4181dffe2445f4c018b8d5a8e9829b5caeba2ce6ba5207587cd2	-	ol9_aarch64_u3_security_validation

Oracle Linux 9 (x86_64)	gnutls-3.7.6-12.el9_0.src.rpm	9775a9447735b49c0533774c5bdea7f59f2973b4f8b75be2808f0ad9ed01b42d	-	ol9_x86_64_appstream
	gnutls-3.7.6-12.el9_0.src.rpm	9775a9447735b49c0533774c5bdea7f59f2973b4f8b75be2808f0ad9ed01b42d	-	ol9_x86_64_baseos_latest
	gnutls-3.7.6-12.el9_0.src.rpm	9775a9447735b49c0533774c5bdea7f59f2973b4f8b75be2808f0ad9ed01b42d	-	ol9_x86_64_u0_baseos_patch
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_x86_64_appstream
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_x86_64_appstream_developer
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_x86_64_baseos_developer
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_x86_64_baseos_latest
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_x86_64_u0_baseos_patch
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_x86_64_u1_baseos_base
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_x86_64_u2_baseos_base
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_x86_64_u3_baseos_base
	nettle-3.8-3.el9_0.src.rpm	8f67ea51932ba3195402cdac06b8a30437e5234b834c6ae4095c3d6e469e002f	-	ol9_x86_64_u3_security_validation
	gnutls-3.7.6-12.el9_0.i686.rpm	93de69c987aec39f860b96cc37aae192081b6b88768f949022934a4e38755aef	-	ol9_x86_64_baseos_latest
	gnutls-3.7.6-12.el9_0.i686.rpm	93de69c987aec39f860b96cc37aae192081b6b88768f949022934a4e38755aef	-	ol9_x86_64_u0_baseos_patch
	gnutls-3.7.6-12.el9_0.x86_64.rpm	d0bafc59cefb6bda566da0f323f9257e2624b0805fa54904a5a7843866a8f767	-	ol9_x86_64_baseos_latest
	gnutls-3.7.6-12.el9_0.x86_64.rpm	d0bafc59cefb6bda566da0f323f9257e2624b0805fa54904a5a7843866a8f767	-	ol9_x86_64_u0_baseos_patch
	gnutls-c++-3.7.6-12.el9_0.i686.rpm	c0fcd78d40b7c68077a8190597814911a8c978aa815151ecd0aa71d1d2911c05	-	ol9_x86_64_appstream
	gnutls-c++-3.7.6-12.el9_0.x86_64.rpm	05f8d42773f57c5f02448f270a2d239136d2d8bd0236ad214c349aef5c5ca5c4	-	ol9_x86_64_appstream
	gnutls-dane-3.7.6-12.el9_0.i686.rpm	a7f9348ae2419ea9f7e867e598e53ddc8f2587b2a3defa36c460aef55effe127	-	ol9_x86_64_appstream
	gnutls-dane-3.7.6-12.el9_0.x86_64.rpm	1137d17bd478f7393a873993c462146ff54657db5c034c0a95ee7426c5361ab4	-	ol9_x86_64_appstream
	gnutls-devel-3.7.6-12.el9_0.i686.rpm	e051b8bda184c69bacdd7789e85514cbd51af22e57b7cc022b8c157209d77a71	-	ol9_x86_64_appstream
	gnutls-devel-3.7.6-12.el9_0.x86_64.rpm	7c81d93bca41c4bd73779a87166986fc7ebb01c30436e3f8fa3217b0fbb78fdf	-	ol9_x86_64_appstream
	gnutls-utils-3.7.6-12.el9_0.x86_64.rpm	6723fb97f256f65e860471ade8c4a2e6d153e56436b7f51f87bc3d7381a371a9	-	ol9_x86_64_appstream
	nettle-3.8-3.el9_0.i686.rpm	5738a47106666d36f5c523710a84940bbf452922414b9badd9378a77a181cbf7	-	ol9_x86_64_baseos_developer
	nettle-3.8-3.el9_0.i686.rpm	5738a47106666d36f5c523710a84940bbf452922414b9badd9378a77a181cbf7	-	ol9_x86_64_baseos_latest
	nettle-3.8-3.el9_0.i686.rpm	5738a47106666d36f5c523710a84940bbf452922414b9badd9378a77a181cbf7	-	ol9_x86_64_u0_baseos_patch
	nettle-3.8-3.el9_0.i686.rpm	5738a47106666d36f5c523710a84940bbf452922414b9badd9378a77a181cbf7	-	ol9_x86_64_u1_baseos_base
	nettle-3.8-3.el9_0.i686.rpm	5738a47106666d36f5c523710a84940bbf452922414b9badd9378a77a181cbf7	-	ol9_x86_64_u2_baseos_base
	nettle-3.8-3.el9_0.i686.rpm	5738a47106666d36f5c523710a84940bbf452922414b9badd9378a77a181cbf7	-	ol9_x86_64_u3_baseos_base
	nettle-3.8-3.el9_0.i686.rpm	5738a47106666d36f5c523710a84940bbf452922414b9badd9378a77a181cbf7	-	ol9_x86_64_u3_security_validation
	nettle-3.8-3.el9_0.x86_64.rpm	19336d66ec49bc0665400842f7eb2bc85a89ad61324169b180602a3c7dd8bced	-	ol9_x86_64_baseos_developer
	nettle-3.8-3.el9_0.x86_64.rpm	19336d66ec49bc0665400842f7eb2bc85a89ad61324169b180602a3c7dd8bced	-	ol9_x86_64_baseos_latest
	nettle-3.8-3.el9_0.x86_64.rpm	19336d66ec49bc0665400842f7eb2bc85a89ad61324169b180602a3c7dd8bced	-	ol9_x86_64_u0_baseos_patch
	nettle-3.8-3.el9_0.x86_64.rpm	19336d66ec49bc0665400842f7eb2bc85a89ad61324169b180602a3c7dd8bced	-	ol9_x86_64_u1_baseos_base
	nettle-3.8-3.el9_0.x86_64.rpm	19336d66ec49bc0665400842f7eb2bc85a89ad61324169b180602a3c7dd8bced	-	ol9_x86_64_u2_baseos_base
	nettle-3.8-3.el9_0.x86_64.rpm	19336d66ec49bc0665400842f7eb2bc85a89ad61324169b180602a3c7dd8bced	-	ol9_x86_64_u3_baseos_base
	nettle-3.8-3.el9_0.x86_64.rpm	19336d66ec49bc0665400842f7eb2bc85a89ad61324169b180602a3c7dd8bced	-	ol9_x86_64_u3_security_validation
	nettle-devel-3.8-3.el9_0.i686.rpm	1dc6783be5f2e1f69abff6410255c8e4a50c7bea530a72cc56bb0162a2974a7a	-	ol9_x86_64_appstream
	nettle-devel-3.8-3.el9_0.i686.rpm	1dc6783be5f2e1f69abff6410255c8e4a50c7bea530a72cc56bb0162a2974a7a	-	ol9_x86_64_appstream_developer
	nettle-devel-3.8-3.el9_0.i686.rpm	1dc6783be5f2e1f69abff6410255c8e4a50c7bea530a72cc56bb0162a2974a7a	-	ol9_x86_64_u3_security_validation
	nettle-devel-3.8-3.el9_0.x86_64.rpm	f8ba35048df2801647e794b1277b2d3cfa492ad13cd631599ee046b0cd058178	-	ol9_x86_64_appstream
	nettle-devel-3.8-3.el9_0.x86_64.rpm	f8ba35048df2801647e794b1277b2d3cfa492ad13cd631599ee046b0cd058178	-	ol9_x86_64_appstream_developer
	nettle-devel-3.8-3.el9_0.x86_64.rpm	f8ba35048df2801647e794b1277b2d3cfa492ad13cd631599ee046b0cd058178	-	ol9_x86_64_u3_security_validation

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691