Bug 1189849 - (CVE-2021-39359) VUL-0: CVE-2021-39359: libgda,libgda3: missing TLS certificate verification
(CVE-2021-39359)
VUL-0: CVE-2021-39359: libgda,libgda3: missing TLS certificate verification
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/307798/
CVSSv3.1:SUSE:CVE-2021-39359:7.5:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-08-26 14:52 UTC by Gianluca Gabrielli
Modified: 2022-09-06 16:45 UTC (History)
7 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Gianluca Gabrielli 2021-08-26 14:53:02 UTC
Affected packages:
 - SUSE:SLE-12-SP2:Update/libgda   5.2.4
 - openSUSE:Backports:SLE-15-SP2/libgda    5.2.9

No patch is available yet.
Comment 4 Hu 2022-08-29 15:35:03 UTC
ping, any updates here?

CCing last 3 people that contributed to the changes file of SUSE:SLE-12-SP2:Update/libgda, maybe you know something about this and could submit? Thanks :)
Comment 6 Swamp Workflow Management 2022-09-05 13:23:24 UTC
SUSE-SU-2022:3016-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1189849
CVE References: CVE-2021-39359
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    libgda-5.2.4-9.3.1
SUSE OpenStack Cloud 9 (src):    libgda-5.2.4-9.3.1
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    libgda-5.2.4-9.3.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libgda-5.2.4-9.3.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    libgda-5.2.4-9.3.1
SUSE Linux Enterprise Server 12-SP5 (src):    libgda-5.2.4-9.3.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    libgda-5.2.4-9.3.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    libgda-5.2.4-9.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libgda-5.2.4-9.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.