153 matches found
SUSE: Security Advisory (SUSE-SU-2014:1524-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2021:0510-1 Security update for curl
This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup bsc1183934 - CVE-2021-22876: Automatic referer leaks credentials bsc1183933 This update was imported from the SUSE:SLE-15-SP2:Update update project...
HAXX libcurl man-in-the-middle attack vulnerability (CNVD-2021-31934)
HAXX libcurl is an open source client-side URL transport library from the Swedish company Haxx. It supports protocols such as FTP, SFTP, TFTP and HTTP. HAXX libcurl suffers from a man-in-the-middle attack vulnerability that can be exploited by an attacker to act as a man-in-the-middle by...
CVE-2021-22890
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...
SUSE-SU-2021:1006-1 Security update for curl
This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup bsc1183934 - CVE-2021-22876: Automatic referer leaks credentials bsc1183933...
CURL-CVE-2021-22890 TLS 1.3 session ticket proxy host mix-up
Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote serve...
Haxx libcurl 安全漏洞
HAXX libcurl is an open source client-side URL transport library from the Swedish company Haxx. It supports protocols such as FTP, SFTP, TFTP and HTTP. HAXX libcurl suffers from a man-in-the-middle attack vulnerability that can be exploited by an attacker to act as a man-in-the-middle by...
curl -- TLS 1.3 session ticket proxy host mixup
Daniel Stenberg reports: Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arriv...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2020-1803)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2020-0268 Updated gnutls packages fix security vulnerability
Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker...
Updated gnutls packages fix security vulnerability
Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker...
openSUSE Security Update : gnutls (openSUSE-2020-790)
This update for gnutls fixes the following issues : - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker ...
openSUSE: Security Advisory for gnutls (openSUSE-SU-2020:0790-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for gnutls (important)
openSUSE Security Update: Security update for gnutls Announcement ID: openSUSE-SU-2020:0790-1 Rating: important References: 1172461 1172506 Cross-References: CVE-2020-13777 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...
SUSE-SU-2020:1584-1 Security update for gnutls
This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker t...
GnuTLS: Information disclosure
Background GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description A flaw was reported in the TLS session ticket key construction in GnuTLS. Impact A remote attacker could recover previous conversations in TLS 1.2 and obtain sensitive information or conduct a...
[SECURITY] [DSA 4697-1] gnutls28 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4697-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2020 https://www.debian.org/security/faq -...
Ubuntu: Security Advisory (USN-4384-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4384-1 gnutls28 vulnerability
It was discovered that GnuTLS incorrectly handled session ticket encryption keys. A remote attacker could possibly use this issue to bypass authentication or recover sensitive information...
ALPINE-CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...