|Category:||Debian Local Security Checks|
|Title:||Debian: Security Advisory for gnutls28 (DSA-4697-1)|
|Summary:||The remote host is missing an update for the 'gnutls28'; package(s) announced via the DSA-4697-1 advisory.|
The remote host is missing an update for the 'gnutls28'
package(s) announced via the DSA-4697-1 advisory.
A flaw was reported in the TLS session ticket key construction in
GnuTLS, a library implementing the TLS and SSL protocols. The flaw
caused the TLS server to not securely construct a session ticket
encryption key considering the application supplied secret, allowing a
man-in-the-middle attacker to bypass authentication in TLS 1.3 and
recover previous conversations in TLS 1.2.
'gnutls28' package(s) on Debian Linux.
For the stable distribution (buster), this problem has been fixed in
We recommend that you upgrade your gnutls28 packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-13777|
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.