Security update for gssproxy SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:1030-1 Final 1 1 2021-04-06T16:26:37Z current 2021-04-06T16:26:37Z 2021-04-06T16:26:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gssproxy This update for gssproxy fixes the following issues: - CVE-2020-12658: Fixed an issue where gssproxy was not unlocking cond_mutex before pthread exit in gp_worker_main() (bsc#1180515). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-1030,SUSE-SLE-SERVER-12-SP5-2021-1030 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20211030-1/ Link for SUSE-SU-2021:1030-1 https://lists.suse.com/pipermail/sle-security-updates/2021-April/008587.html E-Mail link for SUSE-SU-2021:1030-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1180515 SUSE Bug 1180515 https://www.suse.com/security/cve/CVE-2020-12658/ SUSE CVE CVE-2020-12658 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 gssproxy-0.8.2-4.5.1 gssproxy-0.8.2-4.5.1 as a component of SUSE Linux Enterprise Server 12 SP5 gssproxy-0.8.2-4.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem. CVE-2020-12658 SUSE Linux Enterprise Server 12 SP5:gssproxy-0.8.2-4.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:gssproxy-0.8.2-4.5.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211030-1/ https://www.suse.com/security/cve/CVE-2020-12658.html CVE-2020-12658 https://bugzilla.suse.com/1180515 SUSE Bug 1180515