Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.0.11+really2.12.23-12ubuntu2.4", "binary_name": "gnutls-bin" }, { "binary_version": "3.0.11+really2.12.23-12ubuntu2.4", "binary_name": "gnutls-bin-dbgsym" }, { "binary_version": "2.12.23-12ubuntu2.4", "binary_name": "gnutls26-doc" }, { "binary_version": "2.12.23-12ubuntu2.4", "binary_name": "libgnutls-dev" }, { "binary_version": "2.12.23-12ubuntu2.4", "binary_name": "libgnutls-dev-dbgsym" }, { "binary_version": "2.12.23-12ubuntu2.4", "binary_name": "libgnutls-openssl27" }, { "binary_version": "2.12.23-12ubuntu2.4", "binary_name": "libgnutls-openssl27-dbgsym" }, { "binary_version": "2.12.23-12ubuntu2.4", "binary_name": "libgnutls26" }, { "binary_version": "2.12.23-12ubuntu2.4", "binary_name": "libgnutls26-dbg" }, { "binary_version": "2.12.23-12ubuntu2.4", "binary_name": "libgnutls26-dbgsym" }, { "binary_version": "2.12.23-12ubuntu2.4", "binary_name": "libgnutlsxx27" }, { "binary_version": "2.12.23-12ubuntu2.4", "binary_name": "libgnutlsxx27-dbgsym" } ] }