gnutls-3.6.8-11.el8
エラータID: AXSA:2020-604:01
リリース日:
2020/10/06 Tuesday - 13:13
題名:
gnutls-3.6.8-11.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- GnuTLS は誤った暗号法をセッションチケットの暗号化に使用しており、
TLS サーバーは最初のキーローテーションまではアプリケーションから派生した
暗号化キーの代わりに誤ったデータを使用するため、TLS1.2 では機密性の喪失、
TLS 1.3では認証が回避される脆弱性があります。(CVE-2020-13777)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
追加情報:
N/A
ダウンロード:
SRPMS
- gnutls-3.6.8-11.el8.src.rpm
MD5: 4cea7ac02e9a27b2d61bdf6227727bd7
SHA-256: fa293e0b008ccb24cd384cae03c41b05fe81c73006c80f0911255b8da0bce5f0
Size: 5.59 MB
Asianux Server 8 for x86_64
- gnutls-3.6.8-11.el8.x86_64.rpm
MD5: 211196ac7190b3adbdf34e0ac984104e
SHA-256: 92eeb4be7f7a89f9771a26284298d1785c701e9e03a9f507d7fa5958a9694e3e
Size: 913.47 kB - gnutls-c++-3.6.8-11.el8.x86_64.rpm
MD5: d3d741f3b60ce4ea803b07b9eae1bb0e
SHA-256: 296e8b3a99caa56fe104ace30debfa78a38735772b01ebc235593d44af1ddf05
Size: 45.31 kB - gnutls-dane-3.6.8-11.el8.x86_64.rpm
MD5: 04a6f4058a51700f7d31dc2b9cc937f5
SHA-256: eb5887223bb1b8396885c6914e9cf575f319bc5f2ebe47ee7254b4683638f2f5
Size: 43.91 kB - gnutls-devel-3.6.8-11.el8.x86_64.rpm
MD5: fea006af2d52c742e476d7ecdd377d42
SHA-256: c8da7e82a17812d0ecae3f0ad44809b47bd8a9e9d3f2c32cb6deb5eb8aab153e
Size: 2.15 MB - gnutls-utils-3.6.8-11.el8.x86_64.rpm
MD5: 89435e13a88952207c37e9333dcf26d2
SHA-256: f29d331e5d0cdcb58643a56b8440b2f9f360cd14e60f12c387cd1c4a5e7f72c2
Size: 338.92 kB - gnutls-3.6.8-11.el8.i686.rpm
MD5: c1926a268a6888cc1cdfd6d34651d1ec
SHA-256: a4bf617254ba69a2b626ea256a8db77d0a79d5b78afe8c744f1a1fdc74f5ab03
Size: 937.53 kB - gnutls-c++-3.6.8-11.el8.i686.rpm
MD5: 981530c692fcfc1a334b59720148404c
SHA-256: 8db285568d9cfa96f60b1390aecb7e97a41864e33963b2a2102e4fd06f64ee4f
Size: 46.46 kB - gnutls-dane-3.6.8-11.el8.i686.rpm
MD5: 6804a628ab3788a2817c13197d003abb
SHA-256: 14ffe900b2b999159d3332df9a063b006179897f54eba141b8931bde7f238308
Size: 44.49 kB - gnutls-devel-3.6.8-11.el8.i686.rpm
MD5: cabe15f55a6417d196ca62b13325c9a0
SHA-256: c4f715d4a3d42e5cdfc5eb9b11c36ee4b4ca4887950d6b168cdc096ebb1d6085
Size: 2.15 MB
English