CVE-2021-39358 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-39358 Interim 1 33 2025-02-17T00:28:33Z current 2021-08-27T01:00:56Z 2025-02-17T00:28:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-39358 In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2022-August/011975.html E-Mail link for SUSE-SU-2022:2876-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Linux Enterprise Module for Package Hub 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed gfbgraph gfbgraph-0.2.4-1.el8 gfbgraph-devel gfbgraph-devel-0.2.3-150000.3.5.1 gfbgraph-devel-0.2.5-1.1 gfbgraph-devel-0.2.5-150400.1.8 gfbgraph-doc-0.2.5-1.1 libgfbgraph-0_2-0 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-0.2.5-1.1 libgfbgraph-0_2-0-0.2.5-150400.1.8 typelib-1_0-GFBGraph-0_2 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 typelib-1_0-GFBGraph-0_2-0.2.5-1.1 typelib-1_0-GFBGraph-0_2-0.2.5-150400.1.8 gfbgraph-0.2.4-1.el8 as a component of SUSE Liberty Linux 8 gfbgraph-devel-0.2.3-150000.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP3 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP3 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP3 gfbgraph-devel-0.2.3-150000.3.5.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 gfbgraph-devel-0.2.5-150400.1.8 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 libgfbgraph-0_2-0-0.2.5-150400.1.8 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 typelib-1_0-GFBGraph-0_2-0.2.5-150400.1.8 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 gfbgraph-devel-0.2.3-150000.3.5.1 as a component of openSUSE Leap 15.3 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 as a component of openSUSE Leap 15.3 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 as a component of openSUSE Leap 15.3 libgfbgraph-0_2-0-0.2.5-150400.1.8 as a component of openSUSE Leap 15.4 gfbgraph-devel-0.2.5-1.1 as a component of openSUSE Tumbleweed gfbgraph-doc-0.2.5-1.1 as a component of openSUSE Tumbleweed libgfbgraph-0_2-0-0.2.5-1.1 as a component of openSUSE Tumbleweed typelib-1_0-GFBGraph-0_2-0.2.5-1.1 as a component of openSUSE Tumbleweed gfbgraph-devel as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 libgfbgraph-0_2-0 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 typelib-1_0-GFBGraph-0_2 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 gfbgraph as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. CVE-2021-39358 SUSE Liberty Linux 8:gfbgraph-0.2.4-1.el8 SUSE Linux Enterprise Module for Package Hub 15 SP3:gfbgraph-devel-0.2.3-150000.3.5.1 SUSE Linux Enterprise Module for Package Hub 15 SP3:libgfbgraph-0_2-0-0.2.3-150000.3.5.1 SUSE Linux Enterprise Module for Package Hub 15 SP3:typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 SUSE Linux Enterprise Workstation Extension 15 SP3:gfbgraph-devel-0.2.3-150000.3.5.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libgfbgraph-0_2-0-0.2.3-150000.3.5.1 SUSE Linux Enterprise Workstation Extension 15 SP3:typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 SUSE Linux Enterprise Workstation Extension 15 SP4:gfbgraph-devel-0.2.5-150400.1.8 SUSE Linux Enterprise Workstation Extension 15 SP4:libgfbgraph-0_2-0-0.2.5-150400.1.8 SUSE Linux Enterprise Workstation Extension 15 SP4:typelib-1_0-GFBGraph-0_2-0.2.5-150400.1.8 openSUSE Leap 15.3:gfbgraph-devel-0.2.3-150000.3.5.1 openSUSE Leap 15.3:libgfbgraph-0_2-0-0.2.3-150000.3.5.1 openSUSE Leap 15.3:typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 openSUSE Leap 15.4:libgfbgraph-0_2-0-0.2.5-150400.1.8 openSUSE Tumbleweed:gfbgraph-devel-0.2.5-1.1 openSUSE Tumbleweed:gfbgraph-doc-0.2.5-1.1 openSUSE Tumbleweed:libgfbgraph-0_2-0-0.2.5-1.1 openSUSE Tumbleweed:typelib-1_0-GFBGraph-0_2-0.2.5-1.1 SUSE Linux Enterprise Workstation Extension 15 SP4:gfbgraph SUSE Linux Enterprise Workstation Extension 15 SP4:gfbgraph-devel SUSE Linux Enterprise Workstation Extension 15 SP4:libgfbgraph-0_2-0 SUSE Linux Enterprise Workstation Extension 15 SP4:typelib-1_0-GFBGraph-0_2 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N