Описание
ELSA-2020-1998: gnutls security update (MODERATE)
[3.6.8-10]
- Fix CVE-2020-11501 (#1826176)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
gnutls
3.6.8-10.el8_2
gnutls-c++
3.6.8-10.el8_2
gnutls-dane
3.6.8-10.el8_2
gnutls-devel
3.6.8-10.el8_2
gnutls-utils
3.6.8-10.el8_2
Oracle Linux x86_64
gnutls
3.6.8-10.el8_2
gnutls-c++
3.6.8-10.el8_2
gnutls-dane
3.6.8-10.el8_2
gnutls-devel
3.6.8-10.el8_2
gnutls-utils
3.6.8-10.el8_2
Связанные CVE
Связанные уязвимости
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The e ...