CVE-2016-20011 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-20011 Interim 1 24 2024-07-29T10:08:57Z current 2021-05-30T13:49:46Z 2024-07-29T10:08:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-20011 libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP4 libgrss libgrss-devel libgrss0 typelib-1_0-Grss-0_7 libgrss-devel as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 libgrss0 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 typelib-1_0-Grss-0_7 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 libgrss as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 libgrss-devel as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 libgrss0 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 typelib-1_0-Grss-0_7 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 libgrss as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. CVE-2016-20011 SUSE Linux Enterprise Workstation Extension 15 SP3:libgrss SUSE Linux Enterprise Workstation Extension 15 SP3:libgrss-devel SUSE Linux Enterprise Workstation Extension 15 SP3:libgrss0 SUSE Linux Enterprise Workstation Extension 15 SP3:typelib-1_0-Grss-0_7 SUSE Linux Enterprise Workstation Extension 15 SP4:libgrss SUSE Linux Enterprise Workstation Extension 15 SP4:libgrss-devel SUSE Linux Enterprise Workstation Extension 15 SP4:libgrss0 SUSE Linux Enterprise Workstation Extension 15 SP4:typelib-1_0-Grss-0_7 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N