Main Vulnerability Database SB2020040408

SB2020040408 - Debian update for gnutls28

Published: April 4, 2020

Security Bulletin ID SB2020040408

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of insufficiently random values (CVE-ID: CVE-2020-11501)

The vulnerability allows a remote attacker to decrypt data.

The vulnerability exists in GnuTLS DTLS protocol implementation due to an error in code that caused DTLS client not to contribute any randomness to the DTLS negotiation. As a result a remote attacker with ability to intercept network traffic can decrypt data passed via TLS 1.3 connection and gain access to sensitive information.

Remediation

Install update from vendor's website.

References

https://www.debian.org/security/2020/dsa-4652