Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0268)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0268

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0268)

Resumen: The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2020-0268 advisory.

Descripción: Summary:
The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2020-0268 advisory.

Vulnerability Insight:
Updated gnutls packages fix security vulnerability:

It was found that GnuTLS 3.6.4 introduced a regression in the TLS
protocol implementation. This caused the TLS server to not securely
construct a session ticket encryption key considering the application
supplied secret, allowing a MitM attacker to bypass authentication in
TLS 1.3 and recover previous conversations in TLS 1.2 (CVE-2020-13777).

Affected Software/OS:
'gnutls' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-13777
Debian Security Information: DSA-4697 (Google Search)
https://www.debian.org/security/2020/dsa-4697
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/
https://security.gentoo.org/glsa/202006-01
SuSE Security Announcement: openSUSE-SU-2020:0790 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html
https://usn.ubuntu.com/4384-1/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0268
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0268)
Resumen:	The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2020-0268 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the MGASA-2020-0268 advisory. Vulnerability Insight: Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (CVE-2020-13777). Affected Software/OS: 'gnutls' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-13777 Debian Security Information: DSA-4697 (Google Search) https://www.debian.org/security/2020/dsa-4697 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RTXZOXC4MHTFE2HKY6IAZMF2WHD2WMV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6C4DHUKV6M6SJ5CV6KVHZNHNF7HCUE5P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRQBFK3UZ7SV76IYDTS4PS6ABS2DSJHK/ https://security.gentoo.org/glsa/202006-01 SuSE Security Announcement: openSUSE-SU-2020:0790 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00015.html https://usn.ubuntu.com/4384-1/
Copyright	Copyright (C) 2022 Greenbone AG