Slackware-14.2 ChangeLog (2020-06-03)

Wed Jun 3 20:21:52 UTC 2020

  • patches/packages/gnutls-3.6.14-i586-1_slack14.2.txz
    Fixed insecure session ticket key construction, since 3.6.4. The TLS server
    would not bind the session ticket encryption key with a value supplied by
    the application until the initial key rotation, allowing attacker to bypass
    authentication in TLS 1.3 and recover previous conversations in TLS 1.2.
    [GNUTLS-SA-2020-06-03, CVSS: high]
    (* Security fix *)
  • news/2020/06/03/slackware-14.2-changelog.txt
  • Last modified: 14 months ago
  • by Giuseppe Di Terlizzi