Slackware-current ChangeLog (2020-06-03)
Wed Jun 3 20:21:52 UTC 2020
Packages
Upgraded
- n/gnutls-3.6.14-i586-1.txz
Fixed insecure session ticket key construction, since 3.6.4. The TLS server
would not bind the session ticket encryption key with a value supplied by
the application until the initial key rotation, allowing attacker to bypass
authentication in TLS 1.3 and recover previous conversations in TLS 1.2.
[GNUTLS-SA-2020-06-03, CVSS: high]
(* Security fix *)