First published: Wed Dec 30 2020
An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
LINBIT csync2 | <=2.0 | |
Debian Debian Linux | =9.0 | |
CVE-2019-15523 is a vulnerability in LINBIT csync2 through version 2.0 that allows an attacker to bypass certain security checks.
CVE-2019-15523 has a severity rating of medium, with a CVSS score of 5.3.
LINBIT csync2 through version 2.0 and Debian Debian Linux version 9.0 are affected by CVE-2019-15523.
To fix CVE-2019-15523, upgrade to a version of LINBIT csync2 that includes the necessary patches.
More information about CVE-2019-15523 can be found at the following references: [the csync2 pull request commit on GitHub](https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2) and [the Debian LTS announcement](https://lists.debian.org/debian-lts-announce/2021/01/msg00003.html).
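
The retry rule from the description above, as an added example in C (not csync2's or GnuTLS's own code): `complete_handshake` calls the handshake step again while it returns a non-fatal code and treats only success as an established session. The `HS_*` constants, the function-pointer hook standing in for `gnutls_handshake()`, the scripted peer and the retry bound are assumptions made so the example builds without the library; it also covers the two other non-fatal codes GnuTLS documents for this call.

```c
#include <stddef.h>

/* Local stand-ins named after the GnuTLS return codes so this builds
 * without the library; real code includes <gnutls/gnutls.h>. */
enum { HS_SUCCESS = 0, HS_E_FATAL_ALERT_RECEIVED = -12,
       HS_E_WARNING_ALERT_RECEIVED = -16, HS_E_AGAIN = -28,
       HS_E_INTERRUPTED = -52 };

/* Assumption: bound the loop so a peer cannot keep us retrying forever. */
#define MAX_HANDSHAKE_ATTEMPTS 16

/* Hypothetical hook standing in for gnutls_handshake(session). */
typedef int (*handshake_fn)(void *session);

static int is_retryable(int rc) {
    return rc == HS_E_WARNING_ALERT_RECEIVED || rc == HS_E_AGAIN ||
           rc == HS_E_INTERRUPTED;
}

/* Returns HS_SUCCESS only if the handshake completed; any other value
 * means the caller must not use the session. */
int complete_handshake(handshake_fn step, void *session) {
    int rc = HS_E_AGAIN;
    for (int attempt = 0; attempt < MAX_HANDSHAKE_ATTEMPTS; attempt++) {
        rc = step(session);
        if (rc == HS_SUCCESS || !is_retryable(rc))
            return rc;   /* done, or fatal: stop either way */
    }
    return rc;           /* still non-fatal after the budget: fail closed */
}

/* Constructed peer that replays a scripted list of return codes. */
struct scripted_peer { const int *codes; size_t len, pos; };

static int scripted_step(void *session) {
    struct scripted_peer *p = session;
    return p->pos < p->len ? p->codes[p->pos++] : HS_E_FATAL_ALERT_RECEIVED;
}

int run_script(const int *codes, size_t len) {
    struct scripted_peer p = { codes, len, 0 };
    return complete_handshake(scripted_step, &p);
}

int main(void) {
    /* Constructed sequence: one warning alert, then success. */
    const int script[] = { HS_E_WARNING_ALERT_RECEIVED, HS_SUCCESS };
    return run_script(script, 2) == HS_SUCCESS ? 0 : 1;
}
```
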