Follow

GnuTLS 近期被发现其 session resumption 不严密,可能有 MitM (TLS 1.3) 及监听到明文 (TLS 1.2) 的风险。影响自 3.6.4 起的各个版本并在 3.6.14 被修复。

CVE-2020-13777 | GNUTLS-SA-2020-06-03

src: gitlab.com/gnutls/gnutls/-/iss
src: lists.gnupg.org/pipermail/gnut
src: nvd.nist.gov/vuln/detail/CVE-2
src: news.ycombinator.com/item?id=2
src: gnutls.org/security-new.html#G

然而 Debian Stable 和 Ubuntu 还没修...

Sign in to participate in the conversation
Moew!

Have fun and play together~