Bug 1172663

Summary: severe memory issue in gnutls
Product: [openSUSE] openSUSE Tumbleweed Reporter: Bjoern Jacke <bjacke>
Component: OtherAssignee: Vítězslav Čížek <vcizek>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: meissner, vcizek
Version: Current   
Target Milestone: Current   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Bjoern Jacke 2020-06-08 13:01:09 UTC 
there's a  memory leak in gnutls in conjunction with AES CCM mode.

For details see also

https://bugzilla.samba.org/show_bug.cgi?id=14399
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277

please ship that fix from

https://gitlab.com/gnutls/gnutls/-/merge_requests/1278

for supported OpenSUSE and SLES products as this is a severe problem for many Samba customers.
Comment 1 Vítězslav Čížek 2020-06-08 15:40:34 UTC 
SLE distributions and openSUSE Leaps are unaffected.
The problematic code (iov_store_grow) appeared in GnuTLS 3.6.10, and we ship 3.6.7.

Only openSUSE Tumbleweed/Factory is affected.
We'll add the patch there along with the update to 3.6.14 once we fix bug 1171565.
Comment 2 Vítězslav Čížek 2020-06-09 07:53:19 UTC 
Fixed packages have been submitted.
Comment 3 OBSbugzilla Bot 2020-06-09 08:00:31 UTC 
This is an autogenerated message for OBS integration:
This bug (1172663) was mentioned in
https://build.opensuse.org/request/show/812790 Factory / gnutls