Bug 1172663 - severe memory issue in gnutls
Summary: severe memory issue in gnutls
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other (show other bugs)
Version: Current
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: Current
Assignee: Vítězslav Čížek
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-06-08 13:01 UTC by Bjoern Jacke
Modified: 2024-04-08 13:51 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Bjoern Jacke 2020-06-08 13:01:09 UTC 
there's a  memory leak in gnutls in conjunction with AES CCM mode.

For details see also

https://bugzilla.samba.org/show_bug.cgi?id=14399
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277

please ship that fix from

https://gitlab.com/gnutls/gnutls/-/merge_requests/1278

for supported OpenSUSE and SLES products as this is a severe problem for many Samba customers.
Comment 1 Vítězslav Čížek 2020-06-08 15:40:34 UTC 
SLE distributions and openSUSE Leaps are unaffected.
The problematic code (iov_store_grow) appeared in GnuTLS 3.6.10, and we ship 3.6.7.

Only openSUSE Tumbleweed/Factory is affected.
We'll add the patch there along with the update to 3.6.14 once we fix bug 1171565.
Comment 2 Vítězslav Čížek 2020-06-09 07:53:19 UTC 
Fixed packages have been submitted.
Comment 3 OBSbugzilla Bot 2020-06-09 08:00:31 UTC 
This is an autogenerated message for OBS integration:
This bug (1172663) was mentioned in
https://build.opensuse.org/request/show/812790 Factory / gnutls