ELSA-2022-9221

ELSA-2022-9221 - gnutls security update

Type: SECURITY
Impact: MODERATE
Release Date: 2022-03-17

Description


[3.6.16-4.0.1_fips]
- Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526]
- Allow bigger known RSA modulus sizes when calling rsa_generate_fips186_4_keypair directly [Orabug: 33200526]
- Change Epoch from 1 to 10

[3.6.16-4]
- p11tool: Document ID reuse behavior when importing certs (#1776250)

[3.6.16-3]
- Treat SHA-1 signed CA in the trusted set differently (#1965445)

[3.6.16-2]
- Filter certificate_types in TLS 1.2 CR based on signature algorithms (#1942216)

[3.6.16-1]
- Update to upstream 3.6.16 release (#1956783)
- Fix potential use-after-free in key_share handling (#1927597)
- Fix potential use-after-free in pre_shared_key handling (#1927593)
- Stop gnutls-serv relying on AI_ADDRCONFIG to decide listening address (#1908334)
- Fix cert expiration issue in tests (#1908110)

[3.6.14-10]
- Port fixes for potential miscalculation in ecdsa_verify (#1942931)

[3.6.14-9]
- Revert the previous change


Related CVEs


CVE-2021-3580
CVE-2021-20232
CVE-2021-20231

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 8 (aarch64) | gnutls-3.6.16-4.0.1.el8_fips.src.rpm | 689ff86393246049f50795c0120cf3d578375b52dcd2ecb2f49251ad8d7633be | - | ol8_aarch64_u4_security_validation |
| | gnutls-3.6.16-4.0.1.el8_fips.aarch64.rpm | dc3d72b9c034a38e57e93e44c7ca99dab45185a02b0ed6023576047818a18355 | - | ol8_aarch64_u4_security_validation |
| | gnutls-c++-3.6.16-4.0.1.el8_fips.aarch64.rpm | 2b31c73c83ebe04f76091df64e9d461b7fb62f76178fc0f0876cc4248638a9f4 | - | ol8_aarch64_u4_security_validation |
| | gnutls-dane-3.6.16-4.0.1.el8_fips.aarch64.rpm | aa7fdb4bebb03f328b98e84162db91e5fdcdecc18a070b785701b72907bcaace | - | ol8_aarch64_u4_security_validation |
| | gnutls-devel-3.6.16-4.0.1.el8_fips.aarch64.rpm | 909ba86e7dcf34c785da9e48273ec15aa388844154177b5d7e7c1d5a227fdd7c | - | ol8_aarch64_u4_security_validation |
| | gnutls-utils-3.6.16-4.0.1.el8_fips.aarch64.rpm | b59dcb0e001e52331d6de092c03ed30636e30936d92fe8eb62880b888d5d67f0 | - | ol8_aarch64_u4_security_validation |
| Oracle Linux 8 (x86_64) | gnutls-3.6.16-4.0.1.el8_fips.src.rpm | 689ff86393246049f50795c0120cf3d578375b52dcd2ecb2f49251ad8d7633be | - | ol8_x86_64_u4_security_validation |
| | gnutls-3.6.16-4.0.1.el8_fips.i686.rpm | ea61a68945e914b165ede146028365bacbaa67ff6e76e67df55907700dd2e059 | - | ol8_x86_64_u4_security_validation |
| | gnutls-3.6.16-4.0.1.el8_fips.x86_64.rpm | 9ff7c693c6a2807eba41d73e4c933cb8237912910b76948c05674ae6bc8f5948 | - | ol8_x86_64_u4_security_validation |
| | gnutls-c++-3.6.16-4.0.1.el8_fips.i686.rpm | 7c855b7faa11b3bdd1be6ee4f90ba23e10294f04d3367d1792f8d7a121cccad9 | - | ol8_x86_64_u4_security_validation |
| | gnutls-c++-3.6.16-4.0.1.el8_fips.x86_64.rpm | 062e451b0ef5debc467f6a83bcb28a60df65fc70284e8c4d980704fadc09ff56 | - | ol8_x86_64_u4_security_validation |
| | gnutls-dane-3.6.16-4.0.1.el8_fips.i686.rpm | bbda9aca79651eeb7a32dab6b1985bebd5b47fb9941ff7918d60320f5d3e8a4e | - | ol8_x86_64_u4_security_validation |
| | gnutls-dane-3.6.16-4.0.1.el8_fips.x86_64.rpm | bd24ec75008005546660a261b4949e1f399e87c0064feaddda05b7be29c765c1 | - | ol8_x86_64_u4_security_validation |
| | gnutls-devel-3.6.16-4.0.1.el8_fips.i686.rpm | cbe9d973d483c95c05b8904fe2599594a2a21ac40d861b4697cdb23c2447f8f9 | - | ol8_x86_64_u4_security_validation |
| | gnutls-devel-3.6.16-4.0.1.el8_fips.x86_64.rpm | 1a60693190b1a2d0788a5d52d63d748e1b5b32f777bea07fa0839b0f1a5088eb | - | ol8_x86_64_u4_security_validation |
| | gnutls-utils-3.6.16-4.0.1.el8_fips.x86_64.rpm | 822a7f6c8c70d5e02b8e704ac492908afde66c5ac2d401e7e8161042d7a9fbe8 | - | ol8_x86_64_u4_security_validation |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team