SUSE-SU-2020:1584-1 -- SLES gnutls, libgnutlsID: oval:org.secpod.oval:def:89003006 | Date: (C)2021-02-25 (M)2023-03-08 |
Class: PATCH | Family: unix |
This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 . - Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates .
Platform: |
SUSE Linux Enterprise Server 15 |