Описание
ELSA-2020-2637: gnutls security update (IMPORTANT)
[3.6.8-11]
- Fix CVE-2020-13777 (#1844147)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
gnutls
3.6.8-11.el8_2
gnutls-c++
3.6.8-11.el8_2
gnutls-dane
3.6.8-11.el8_2
gnutls-devel
3.6.8-11.el8_2
gnutls-utils
3.6.8-11.el8_2
Oracle Linux x86_64
gnutls
3.6.8-11.el8_2
gnutls-c++
3.6.8-11.el8_2
gnutls-dane
3.6.8-11.el8_2
gnutls-devel
3.6.8-11.el8_2
gnutls-utils
3.6.8-11.el8_2
Связанные CVE
Связанные уязвимости
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting ...