Debian has issued an advisory on April 4:
The issue is fixed upstream in 3.6.13.
Assigning to you, DavidG, as having committed this previously. No registered maintainer.
It looks as if DavidW has just committed 3.6.13.
Done for mga7!
Updated gnutls packages fix security vulnerability:
A flaw was reported in the DTLS protocol implementation in GnuTLS. The DTLS
client would not contribute any randomness to the DTLS negotiation, breaking
the security guarantees of the DTLS protocol (CVE-2020-11501).
Updated packages in core/updates_testing:
Ubuntu has issued an advisory for this today (April 7):
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref to previous bug is no help, the xombrero package is no longer in the repos.
Testing its own commands:
$ gnutls-cli <mywebsever>
Processed 156 CA certificate(s).
Connecting to '192.168.2.1:443'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate info:
- subject `EMAIL=root@localhost,OU=default httpd cert for localhost,CN=localhost', issuer `EMAIL=root@localhost,OU=default httpd cert for localhost,CN=localhost', serial 0x00e3ee000a2bf5d3c8, RSA key 2048 bits, signed using RSA-SHA256, activated `2019-12-29 13:19:18 UTC', expires `2020-12-28 13:19:18 UTC', pin-sha256="lQTW7XKLrPuHit3Kpdh+tTSYK/HmL+hr7gBymvEXpEo="
Public Key ID:
Public Key PIN:
- Status: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
That's fair enough.
Warning: no private key and certificate pairs were set.
HTTP Server listening on IPv4 0.0.0.0 port 5556...done
HTTP Server listening on IPv6 :: port 5556...done
Pointed the browser to http://localhost:5556/ and got an answer, but only some binary data.
Good enough to prove the thing works.
Validating. Advisory in Comment 3.
An update for this issue has been pushed to the Mageia Updates repository.
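The flaw described in the advisory above (the DTLS client contributing no randomness) shows up on the wire in the ClientHello random field. The following is an added example, not code from this report or from GnuTLS: it extracts that field from captured DTLS records and flags a constant value. It assumes an affected client sends a constant (all-zero) 32-byte random; `build_hello`, `client_random` and `audit` are hypothetical names, and the sample records are constructed.

```python
RECORD_HDR = 13     # type(1) version(2) epoch(2) sequence(6) length(2)
HANDSHAKE_HDR = 12  # msg_type(1) length(3) message_seq(2) frag_offset(3) frag_len(3)

def build_hello(random, msg_seq=0):
    """Constructed sample: a minimal DTLS 1.2 ClientHello record, no extensions."""
    body = (b"\xfe\xfd" + random   # client_version, 32-byte random
            + b"\x00"              # empty session_id
            + b"\x00"              # empty cookie
            + b"\x00\x02\xc0\x2b"  # one cipher suite
            + b"\x01\x00")         # null compression
    n = len(body).to_bytes(3, "big")
    hs = b"\x01" + n + msg_seq.to_bytes(2, "big") + b"\x00\x00\x00" + n + body
    return (b"\x16\xfe\xfd" + b"\x00\x00" + msg_seq.to_bytes(6, "big")
            + len(hs).to_bytes(2, "big") + hs)

def client_random(record):
    """Return ClientHello.random from one DTLS record, or None if not applicable."""
    if len(record) < RECORD_HDR + HANDSHAKE_HDR + 2 + 32:
        return None
    # Content type 22 is handshake; every DTLS version has major byte 0xFE.
    if record[0] != 22 or record[1] != 0xFE:
        return None
    hs = record[RECORD_HDR:]
    frag_offset = int.from_bytes(hs[6:9], "big")
    # msg_type 1 is client_hello; only the first fragment holds the random.
    if hs[0] != 1 or frag_offset != 0:
        return None
    return hs[HANDSHAKE_HDR + 2:HANDSHAKE_HDR + 34]

def audit(records):
    """Return (index, reason) for each ClientHello whose random is one repeated byte."""
    findings = []
    for i, rec in enumerate(records):
        rnd = client_random(rec)
        # A repeated random is not flagged: DTLS resends the same value
        # in the second ClientHello after HelloVerifyRequest.
        if rnd is not None and len(set(rnd)) == 1:
            findings.append((i, "constant random 0x%02x" % rnd[0]))
    return findings

if __name__ == "__main__":
    sample = [build_hello(bytes(range(32))), build_hello(bytes(32), 1)]
    print(audit(sample))
```

In practice the records would come from a packet capture of the client's UDP traffic taken before and after the update.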