ELSA-2022-6854

ULN >
Oracle Linux Errata repository >
ELSA-2022-6854

ELSA-2022-6854 - gnutls and nettle security, bug fix, and enhancement update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2022-10-11

Description

gnutls
[3.7.6-12]
- fips: mark PBKDF2 with short key and output sizes non-approved
- fips: only mark HMAC as approved in PBKDF2
- fips: mark gnutls_key_generate with short key sizes non-approved
- fips: fix checking on hash algorithm used in ECDSA
- fips: preserve operation context around FIPS selftests API

[3.7.6-11]
- Supply --with{,out}-{zlib,brotli,zstd} explicitly

[3.7.6-10]
- Revert nettle version pinning as it doesn't work well in side-tag

[3.7.6-9]
- Pin nettle version in Requires when compiled with FIPS

[3.7.6-8]
- Bundle GMP to privatize memory functions
- Disable certificate compression support by default

[3.7.6-7]
- Update gnutls-3.7.6-cpuid-fixes.patch

[3.7.6-6]
- Mark RSA SigVer operation approved for known modulus sizes (#2119770)
- accelerated: clear AVX bits if it cannot be queried through XSAVE

[3.7.6-5]
- Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115314)
- sysrng: reseed source DRBG for prediction resistance

[3.7.6-4]
- Make gnutls-cli work with KTLS for testing
- Fix double-free in gnutls_pkcs7_verify (#2109789)

[3.7.6-3]
- Limit input size for AES-GCM according to SP800-38D (#2108635)
- Do not treat GPG verification errors as fatal
- Remove gnutls-3.7.6-libgnutlsxx-const.patch

[3.7.6-2]
- Allow enabling KTLS with config file (#2108532)

[3.7.6-1]
- Update to gnutls 3.7.6 (#2102591)

[3.7.3-10]
- Use only the first component of VERSION from /etc/os-release (#2076626)
- Don't run power-on self-tests on DSA (#2076627)

nettle
[3.8-3]
- Rebuild in new side-tag

[3.8-2]
- Bundle GMP to privatize memory functions
- Zeroize stack allocated intermediate data

[3.8-1]
- Update to nettle 3.8 (#2100350)

Related CVEs

CVE-2022-2509

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 9 (aarch64)	gnutls-3.7.6-12.el9_0.src.rpm	239491688170e8d4941e87e12587652a	-
	nettle-3.8-3.el9_0.src.rpm	861f4671d598ca25d8c5c3778c6cff1e	-
	gnutls-3.7.6-12.el9_0.aarch64.rpm	7e0c97383dde5b41d14c664a9470710d	-
	gnutls-c++-3.7.6-12.el9_0.aarch64.rpm	7bea575075168ed340e5c5ac46fe00a8	-
	gnutls-dane-3.7.6-12.el9_0.aarch64.rpm	d3c4699e72dc861767e8e5f8f3a0eb03	-
	gnutls-devel-3.7.6-12.el9_0.aarch64.rpm	78a85a39342fb8a13c1d7a0299b9e5b4	-
	gnutls-utils-3.7.6-12.el9_0.aarch64.rpm	a4cf61b3b7b8e438eebc308feee0c96d	-
	nettle-3.8-3.el9_0.aarch64.rpm	f40536c24338676e9bbed7009a95a1bf	-
	nettle-devel-3.8-3.el9_0.aarch64.rpm	b219a693d211158b735277a48ae92500	-

Oracle Linux 9 (x86_64)	gnutls-3.7.6-12.el9_0.src.rpm	239491688170e8d4941e87e12587652a	-
	nettle-3.8-3.el9_0.src.rpm	861f4671d598ca25d8c5c3778c6cff1e	-
	gnutls-3.7.6-12.el9_0.i686.rpm	ff962c8eba308e001e4cd3ff2b0761d2	-
	gnutls-3.7.6-12.el9_0.x86_64.rpm	453f8b26ff2144dae4c903140feb5d12	-
	gnutls-c++-3.7.6-12.el9_0.i686.rpm	43f3e562afc55313a2b3eeb16c5669ee	-
	gnutls-c++-3.7.6-12.el9_0.x86_64.rpm	aac185df464bc8fa1e0fb4814601af05	-
	gnutls-dane-3.7.6-12.el9_0.i686.rpm	394cff12303e892a3ee0c04e6ca6d2ce	-
	gnutls-dane-3.7.6-12.el9_0.x86_64.rpm	88a7f2395eb2ec8924b77486d361ca6b	-
	gnutls-devel-3.7.6-12.el9_0.i686.rpm	fd0c4d816a1782106ff76abef66d9ba3	-
	gnutls-devel-3.7.6-12.el9_0.x86_64.rpm	e3a69790cbc137534907d4925fb6a538	-
	gnutls-utils-3.7.6-12.el9_0.x86_64.rpm	8e9916cec80753777c5c778433c80a59	-
	nettle-3.8-3.el9_0.i686.rpm	df12e305dbf7ac280551c362e74b8a9f	-
	nettle-3.8-3.el9_0.x86_64.rpm	695d84147d1478a267491c8aa045b0a5	-
	nettle-devel-3.8-3.el9_0.i686.rpm	bc1cbd6a73f5bbbc57e632cbe53406b8	-
	nettle-devel-3.8-3.el9_0.x86_64.rpm	2b0764cd90154a198818c3be52b40546	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691