Advisory ID: KYLIN-2020-13777
Severity: Important
Product: Kylin V3
Release date: June 3, 2020
CVE: CVE-2020-13777
CVSS3 score: 7.4
Overview:
The gnutls versions shipped with Red Hat Enterprise Linux 7 and earlier are not affected, because the bug was introduced upstream in gnutls-3.6.4, while the aforementioned Red Hat Enterprise Linux releases are based on older versions that do not carry the affected code.
Description:
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
System versions:
KYLIN 3.0.x
KYLIN 3.2.x
KYLIN 3.3.x
KYLIN 3.4.x
Affected packages:
gnutls
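
To check a host against the version range given in the description (3.6.4 up to, but not including, 3.6.14), the following added example, which is not part of the original advisory, classifies an upstream GnuTLS version string. The function name `gnutls_status` and the sample package strings are constructed for illustration; the check compares the upstream version only, and a vendor package may carry a backported fix under an older upstream version number, so an "affected" result means the vendor's fixed package release still has to be confirmed.

```shell
#!/bin/sh
# Added example: classify a GnuTLS version against the range stated in the
# advisory text: 3.6.x from 3.6.4 (first affected) up to, not including, 3.6.14.
# gnutls_status is a hypothetical helper name, not part of any GnuTLS tool.

# Prints one of: affected | not-affected | unknown
gnutls_status() {
    # Take the first MAJOR.MINOR.PATCH triple found in the input, so both a
    # bare version ("3.6.13") and a package string work.
    v=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    if [ -z "$v" ]; then
        # No version found, e.g. "package gnutls is not installed".
        echo unknown
        return 0
    fi

    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # Only the 3.6 series is in scope; older series predate the faulty commit.
    if [ "$major" -eq 3 ] && [ "$minor" -eq 6 ] \
        && [ "$patch" -ge 4 ] && [ "$patch" -lt 14 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample inputs (not taken from the advisory).
# On a real host the argument could come from, for example,
#   gnutls_status "$(rpm -q gnutls)"      # assumption: RPM-based system
#   gnutls_status "$(gnutls-cli --version | head -n 1)"
for sample in \
    "gnutls-3.6.8-11.el8_2.x86_64" \
    "gnutls-3.3.29-9.el7_6.x86_64" \
    "3.6.14"
do
    printf '%s -> %s\n' "$sample" "$(gnutls_status "$sample")"
done
```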