Vulnerability CVE-2021-39358: Information
Description
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Severity: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libgfbgraph | sisyphus | 0.2.5-alt1 | 0.2.5-alt1 | ALT-PU-2021-3165-1 | 288578 | Fixed |
libgfbgraph | sisyphus_e2k | 0.2.5-alt1 | 0.2.5-alt1 | ALT-PU-2021-4549-1 | - | Fixed |
libgfbgraph | p10 | 0.2.5-alt1 | 0.2.5-alt1 | ALT-PU-2021-3500-1 | 289899 | Fixed |
libgfbgraph | c10f1 | 0.2.5-alt1 | 0.2.5-alt1 | ALT-PU-2021-3500-1 | 289899 | Fixed |