DSA-4697-1 gnutls28 -- gnutls28ID: oval:org.secpod.oval:def:604875 | Date: (C)2020-06-08 (M)2023-11-13 |
Class: PATCH | Family: unix |
A flaw was reported in the TLS session ticket key construction in GnuTLS, a library implementing the TLS and SSL protocols. The flaw caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a man-in-the-middle attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2.
Product: |
gnutls-doc |
libgnutls30 |
libgnutlsxx28 |
libgnutls-dane0 |
gnutls-bin |
libgnutls28-dev |
libgnutls-openssl27 |