Opened 4 years ago

Closed 4 years ago

#14004 closed enhancement (fixed)


Reported by: Bruce Dubbs Owned by: Pierre Labastie
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version.

Change History (5)

comment:1 by Pierre Labastie, 4 years ago

Owner: changed from blfs-book to Pierre Labastie
Status: newassigned

comment:2 by Pierre Labastie, 4 years ago

* Version 3.6.15 (releases 2020-09-04)

** libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
   The server sending a "no_renegotiation" alert in an unexpected timing,
   followed by an invalid second handshake was able to cause a TLS 1.3 client to
   crash via a null-pointer dereference. The crash happens in the application's
   error handling path, where the gnutls_deinit function is called after
   detecting a handshake failure (#1071).  [GNUTLS-SA-2020-09-04, CVSS: medium]

** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
   indicates that with a false return value (!1306).

** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
   accordingly to SP800-56A rev 3 (!1295, !1299).

** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
   the size of the internal base64 blob (#1025). The new behavior aligns to the
   existing documentation.

** libgnutls: Certificate verification failue due to OCSP must-stapling is not
   honered is now correctly marked with the GNUTLS_CERT_INVALID flag
   (!1317). The new behavior aligns to the existing documentation.

** libgnutls: The audit log message for weak hashes is no longer printed twice

** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
   disabled in the priority string. Previously, even when TLS 1.2 is explicitly
   disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
   enabled (#1054).

** API and ABI modifications:
No changes since last version.

comment:3 by Pierre Labastie, 4 years ago

See for the security advisory (rated moderate).

comment:4 by Pierre Labastie, 4 years ago

Priority: normalhigh

comment:5 by Pierre Labastie, 4 years ago

Resolution: fixed
Status: assignedclosed

fixed at r23681

Note: See TracTickets for help on using tickets.