This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsaid="202009-01">
<title>GnuTLS: Denial of service</title>
<synopsis>A flaw was found in GnuTLS, possibly allowing a Denial of Service
condition.
</synopsis>
<producttype="ebuild">gnutls</product>
<announced>2020-09-06</announced>
<revisedcount="1">2020-09-06</revised>
<bug>740390</bug>
<access>local, remote</access>
<affected>
<packagename="net-libs/gnutls"auto="yes"arch="*">
<unaffectedrange="ge">3.6.15</unaffected>
<vulnerablerange="lt">3.6.15</vulnerable>
</package>
</affected>
<background>
<p>GnuTLS is an Open Source implementation of the TLS and SSL protocols.</p>
</background>
<description>
<p>It was found that GnuTLS didn’t handle “no_renegotiation” alert
properly.
</p>
</description>
<impacttype="low">
<p>A remote attacker could entice a user to connect to a malicious TLS
endpoint using an application linked against GnuTLS, possibly resulting
in a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GnuTLS users should upgrade to the latest version:</p>