Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15
patchinfo.15330
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.15330
<patchinfo incident="15330"> <issue tracker="bnc" id="1172506">VUL-0: CVE-2020-13777: gnutls: session resumption works without master key allowing MITM</issue> <issue tracker="bnc" id="1172461">gnutls fails to verify certificate chains that contain an expired cross-signed intermediate in alternate chains</issue> <issue tracker="cve" id="2020-13777"/> <packager>vitezslav_cizek</packager> <rating>important</rating> <category>security</category> <summary>Security update for gnutls</summary> <description>This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506). - Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461). </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
