An information disclosure vulnerability in GnuTLS allow remote attackers to obtain sensitive information.
|Package||net-libs/gnutls on all architectures|
|Affected versions||< 3.6.14|
|Unaffected versions||>= 3.6.14|
GnuTLS is an Open Source implementation of the TLS and SSL protocols.
A flaw was reported in the TLS session ticket key construction in GnuTLS.
A remote attacker could recover previous conversations in TLS 1.2 and obtain sensitive information or conduct a man-in-the-middle attack to bypass authentication in TLS 1.3.
There is no known workaround at this time.
All GnuTLS user should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.6.14"
June 09, 2020
June 09, 2020: 1