drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in gnutls28
Name: |
Mangelnde Rechteprüfung in gnutls28 |
|
ID: |
DSA-4697-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian buster |
|
Datum: |
Sa, 6. Juni 2020, 19:56 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777 |
|
Applikationen: |
GNU Transport Layer Security Library |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4697-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2020 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : gnutls28 CVE ID : CVE-2020-13777 Debian Bug : 962289
A flaw was reported in the TLS session ticket key construction in GnuTLS, a library implementing the TLS and SSL protocols. The flaw caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a man-in-the-middle attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2.
For the stable distribution (buster), this problem has been fixed in version 3.6.7-4+deb10u4.
We recommend that you upgrade your gnutls28 packages.
For the detailed security status of gnutls28 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gnutls28
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7bzvBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RhDA//Q16UIiuMOUOidwFcJtLVD2x2/RlOzBSxSrqOTnto9oMRY34mBagChVMM m+CTmReyyuIzFcAoTMSYeQ0GiGsm1ObJs2MP3ckN5Nc4xonJL/nBVv9lWQVwG5bf iUGlMUxpH8QJfGvcKu5kHup8Pr2qp7HkV5GVCe+JzvEGwLSpII7ryQFOThnUiIYl 0AkNKxHnJIjD208u/scdcAH9gtOAygPok/WPt4dcfWkRlqYfsOBNfHi3UTW8uhPp yXnu1ClOJpLJzP6ZzhArwTvQkrgfldyBxnkdiNGWihb4nxzHdihheBkGPKxThZ8B 5kr1AV55qSb99FkN5zaXe9QP20AOnBJPpIHWOMhiIDlpczxBpVnkxGU3uZUjB7GY qalFlljWpveju9dUphpxke/4FJQ2lKz/7S56W/npaWYkrOjp9P/Rqp+UPOoI3inH DgSncLOzor8oUQe4LqV00YdT7oVnH1XUxqCz3J1kmEDdrfPZMqbWiHkJnFnYGqqJ yjqupN93eENDw33Cwpfjd8kfyNsv3G30q2JfESNBqenCzLfSUL21M19Uc4cU8M5R lnNVT6DcrxhA+03djeVlzdnz3ULqNG/4pfYQxwuG4GPFMD4oCcV9h3y0sAVgeWre ycI23K/LiNl2rkFP/WJIaf+ReWgJ9K7Nue85jIBaH2pJXxghPkM= =Tg0Z -----END PGP SIGNATURE-----
|
|
|
|