Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information.
{ "availability": "No subscription required", "binaries": [ { "libgnutls-dev-dbgsym": "2.12.23-12ubuntu2.4", "libgnutls-openssl27-dbgsym": "2.12.23-12ubuntu2.4", "gnutls26-doc": "2.12.23-12ubuntu2.4", "libgnutls26": "2.12.23-12ubuntu2.4", "libgnutlsxx27": "2.12.23-12ubuntu2.4", "libgnutls26-dbg": "2.12.23-12ubuntu2.4", "libgnutlsxx27-dbgsym": "2.12.23-12ubuntu2.4", "gnutls-bin": "3.0.11+really2.12.23-12ubuntu2.4", "libgnutls26-dbgsym": "2.12.23-12ubuntu2.4", "gnutls-bin-dbgsym": "3.0.11+really2.12.23-12ubuntu2.4", "libgnutls-dev": "2.12.23-12ubuntu2.4", "libgnutls-openssl27": "2.12.23-12ubuntu2.4" } ] }