FS#67858 : [security] [openssl-1.0] CVE-2020-1968

Attached to Project: Arch Linux
Opened by loqs (loqs) - Wednesday, 09 September 2020, 19:21 GMT
Last edited by freswa (frederik) - Thursday, 10 September 2020, 13:37 GMT

Task Type	Bug Report
Category	Security
Status	Assigned
Assigned To	Pierre Schmitz (Pierre) Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 leazar (leazar) (2021-06-30)
Private	No

Details

Description:
A Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection.

Additional info:
* openssl-1.0 1.0.2.u-1
* https://www.openssl.org/news/secadv/20200909.txt

Comments (5)
Related Tasks (0/0)

Details

Loading...