Slackware64-14.2 ChangeLog (2021-05-25)

Tue May 25 18:01:05 UTC 2021

  • patches/packages/gnutls-3.6.16-x86_64-1_slack14.2.txz
    Fixed potential miscalculation of ECDSA/EdDSA code backported from Nettle.
    In GnuTLS, as long as it is built and linked against the fixed version of
    Nettle, this only affects GOST curves. [CVE-2021-20305]
    Fixed potential use-after-free in sending “key_share” and “pre_shared_key”
    extensions. When sending those extensions, the client may dereference a
    pointer no longer valid after realloc. This happens only when the client
    sends a large Client Hello message, e.g., when HRR is sent in a resumed
    session previously negotiated large FFDHE parameters, because the initial
    allocation of the buffer is large enough without having to call realloc
    (#1151). [GNUTLS-SA-2021-03-10, CVSS: low]
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305
    (* Security fix *)
  • news/2021/05/25/slackware64-14.2-changelog.txt
  • Last modified: 9 days ago
  • by Giuseppe Di Terlizzi