An information disclosure vulnerability in GnuTLS allow remote attackers to obtain sensitive information.
Package | net-libs/gnutls on all architectures |
---|---|
Affected versions | < 3.6.14 |
Unaffected versions | >= 3.6.14 |
GnuTLS is an Open Source implementation of the TLS and SSL protocols.
A flaw was reported in the TLS session ticket key construction in GnuTLS.
A remote attacker could recover previous conversations in TLS 1.2 and obtain sensitive information or conduct a man-in-the-middle attack to bypass authentication in TLS 1.3.
There is no known workaround at this time.
All GnuTLS user should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.6.14"
Release date
June 09, 2020
Latest revision
June 09, 2020: 1
Severity
normal
Exploitable
remote
Bugzilla entries