Oval Definition:	oval:org.opensuse.security:def:202139358
Revision Date: 2022-09-02 Version: 1 Title: CVE-2021-39358 Description: In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2021-39358 SUSE CVE-2021-39358 SUSE-SU-2022:2876-1 Platform(s): openSUSE Leap 15.4 openSUSE Tumbleweed SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP4 Product(s): Definition Synopsis openSUSE Tumbleweed is installed AND Package Information gfbgraph-devel-0.2.5-1.1 is installed OR gfbgraph-doc-0.2.5-1.1 is installed OR libgfbgraph-0_2-0-0.2.5-1.1 is installed OR typelib-1_0-GFBGraph-0_2-0.2.5-1.1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP2 is installed OR SUSE Linux Enterprise Server 15 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed OR SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND gfbgraph is affected Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP3 is installed OR SUSE Linux Enterprise Server 15 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed OR SUSE Linux Enterprise Workstation Extension 15 SP3 is installed AND Package Information gfbgraph-devel is affected OR libgfbgraph-0_2-0 is affected OR typelib-1_0-GFBGraph-0_2 is affected Definition Synopsis openSUSE Leap 15.4 is installed AND Package Information libgfbgraph-0_2-0-0.2.5-150400.1.8 is installed AND libgfbgraph-0_2-0 is signed with openSUSE key Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP2 is installed OR SUSE Linux Enterprise Server 15 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed OR SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND gfbgraph is affected OR Package Information SUSE Linux Enterprise Desktop 15 SP3 is installed OR SUSE Linux Enterprise Server 15 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed OR SUSE Linux Enterprise Workstation Extension 15 SP3 is installed AND gfbgraph-devel is affected OR libgfbgraph-0_2-0 is affected OR typelib-1_0-GFBGraph-0_2 is affected Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP4 is installed OR SUSE Linux Enterprise Server 15 SP4 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed OR SUSE Linux Enterprise Workstation Extension 15 SP4 is installed AND Package Information gfbgraph-devel-0.2.5-150400.1.8 is installed OR libgfbgraph-0_2-0-0.2.5-150400.1.8 is installed OR typelib-1_0-GFBGraph-0_2-0.2.5-150400.1.8 is installed
BACK