Overview

File _patchinfo of Package patchinfo.24863

<patchinfo incident="24863">
  <issue tracker="cve" id="2022-2509"/>
  <issue tracker="bnc" id="1202020">VUL-0: CVE-2022-2509: gnutls: Double free during gnutls_pkcs7_verify.</issue>
  <issue tracker="bnc" id="1190698">FIPS: GnuTLS: Provide a service-level indicator</issue>
  <issue tracker="bnc" id="1198979">FIPS: GnuTLS on-demand integrity tests</issue>
  <packager>rcosta</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for gnutls</summary>
  <description>This update for gnutls fixes the following issues:

- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).

Non-security fixes:

- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places