MGASA-2020-0268

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0268.html

Import Source

https://advisories.mageia.org/MGASA-2020-0268.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0268

Related

CVE-2020-13777

Published

2020-06-20T22:45:09Z

Modified

2020-06-20T22:11:00Z

Summary

Updated gnutls packages fix security vulnerability

Details

Updated gnutls packages fix security vulnerability:

It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (CVE-2020-13777).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / gnutls

Package

Name: gnutls
Purl: pkg:rpm/mageia/gnutls?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.14-1.mga7

Ecosystem specific

{
    "section": "core"
}