gnutls28: CVE-2020-13777: session resumption works without master key allowing MITM

Related Vulnerabilities: CVE-2020-13777  

Debian Bug report logs - #962289


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 5 Jun 2020 16:30:01 UTC

Severity: grave

Tags: security, upstream

Found in versions gnutls28/3.6.13-4, gnutls28/3.6.4-1, gnutls28/3.6.7-4+deb10u3

Fixed in version gnutls28/3.6.14-1

Done: Andreas Metzler <ametzler@debian.org>

Forwarded to https://gitlab.com/gnutls/gnutls/-/issues/1011



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#962289; Package src:gnutls28. (Fri, 05 Jun 2020 16:30:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Fri, 05 Jun 2020 16:30:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gnutls28: CVE-2020-13777: session resumption works without master key allowing MITM
Date: Fri, 05 Jun 2020 18:27:45 +0200
Source: gnutls28
Version: 3.6.13-4
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1011
Control: found -1 3.6.4-1
Control: found -1 3.6.7-4+deb10u3

Hi Andreas,

The following vulnerability was published for gnutls28, filing it as
RC given the resulting authentication bypass possibility, but if
you do not agree please downgrade.

CVE-2020-13777[0]:
| GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting
| a session ticket (a loss of confidentiality in TLS 1.2, and an
| authentication bypass in TLS 1.3). The earliest affected version is
| 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until
| the first key rotation, the TLS server always uses wrong data in place
| of an encryption key derived from an application.

If you want I can try to help preparing as well a corresponding
buster-security update.

The issue was introduced in 3.6.4 upstream, so stretch is not
affected.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-13777
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777
[1] https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
[2] https://gitlab.com/gnutls/gnutls/-/issues/1011

Regards,
Salvatore



Marked as found in versions gnutls28/3.6.4-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Fri, 05 Jun 2020 16:30:04 GMT)


Marked as found in versions gnutls28/3.6.7-4+deb10u3. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Fri, 05 Jun 2020 16:30:04 GMT)


Reply sent to Andreas Metzler <ametzler@debian.org>:
You have taken responsibility. (Sat, 06 Jun 2020 12:51:07 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 06 Jun 2020 12:51:07 GMT)


Message #14 received at 962289-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 962289-close@bugs.debian.org
Subject: Bug#962289: fixed in gnutls28 3.6.14-1
Date: Sat, 06 Jun 2020 12:49:02 +0000
Source: gnutls28
Source-Version: 3.6.14-1
Done: Andreas Metzler <ametzler@debian.org>

We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 962289@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametzler@debian.org> (supplier of updated gnutls28 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Sat, 06 Jun 2020 14:11:30 +0200
Source: gnutls28
Architecture: source
Version: 3.6.14-1
Distribution: unstable
Urgency: high
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 962199 962218 962289
Changes:
 gnutls28 (3.6.14-1) unstable; urgency=high
 .
   * Drop debugging code added in -4, fixes nocheck profile build error.
     Closes: #962199
   * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
     debian/upstream/signing-key.asc.
   * New upstream version.
     + Fixes insecure session ticket key construction.
       [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
     + Drop 50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
       51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
       51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
       51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
   * Drop guile-gnutls.lintian-overrides.
   * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not pass
     AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems without
     IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and Julien Cristau!)
     Hopefully Closes: #962218
Checksums-Sha1: 
 7c9199a08f66d1d0431141be3a3ffe6ac6e376e5 3479 gnutls28_3.6.14-1.dsc
 bea1b5abcb691acf014e592f41d0a9580a41216a 6069088 gnutls28_3.6.14.orig.tar.xz
 49cb57a9accb3a95a0c23605b2c8d76b21d90dd0 854 gnutls28_3.6.14.orig.tar.xz.asc
 7c18ebbc0669216fa3ad82ba6539276cb0626a3d 62708 gnutls28_3.6.14-1.debian.tar.xz
Checksums-Sha256: 
 9f85587356a29ceb26ba6d741348e190090b9f2c86b6352626eff2ea5cbe6dfd 3479 gnutls28_3.6.14-1.dsc
 5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63 6069088 gnutls28_3.6.14.orig.tar.xz
 a3e05b531b68a4aca8fdc5dce83e7091b5aa859d76de7e8ba9992047272f04dd 854 gnutls28_3.6.14.orig.tar.xz.asc
 1414cfc508353c270c55043b65a2279b86e75370e501f7fefd175ca7bcf07aee 62708 gnutls28_3.6.14-1.debian.tar.xz
Files: 
 72de6549424ab4b283f02c94aa89ffd0 3479 libs optional gnutls28_3.6.14-1.dsc
 bf70632d420e421baff482247f01dbfe 6069088 libs optional gnutls28_3.6.14.orig.tar.xz
 19d5bef6bc38dec017b5d345ac6cf578 854 libs optional gnutls28_3.6.14.orig.tar.xz.asc
 0b33c05bcaca099c34db04074cf65bbd 62708 libs optional gnutls28_3.6.14-1.debian.tar.xz

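The upload notice above ends with the `.changes` checksum stanzas for the fixed source package. Anyone rebuilding or auditing this fix from the archive should verify the files they fetched against those digests rather than trusting the mirror. The following is an added example, not Debian tooling or project code: it parses a multi-line checksum field from a `.changes` excerpt (the values are copied from the stanza above) and verifies a file's size and digest. The `.changes` excerpt and the sample bytes in the test are constructed input.

```python
"""Parse a Debian .changes checksum field and verify fetched files against it.
Added example; not dpkg/dak code. Digests below are copied from the upload above."""

import hashlib
from pathlib import Path

# Constructed excerpt of the .changes text for gnutls28 3.6.14-1 (values from the page).
CHANGES_EXCERPT = """\
Checksums-Sha256:
 9f85587356a29ceb26ba6d741348e190090b9f2c86b6352626eff2ea5cbe6dfd 3479 gnutls28_3.6.14-1.dsc
 5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63 6069088 gnutls28_3.6.14.orig.tar.xz
 a3e05b531b68a4aca8fdc5dce83e7091b5aa859d76de7e8ba9992047272f04dd 854 gnutls28_3.6.14.orig.tar.xz.asc
 1414cfc508353c270c55043b65a2279b86e75370e501f7fefd175ca7bcf07aee 62708 gnutls28_3.6.14-1.debian.tar.xz
Files:
 72de6549424ab4b283f02c94aa89ffd0 3479 libs optional gnutls28_3.6.14-1.dsc
"""


def parse_checksums(changes_text, field="Checksums-Sha256"):
    """Return {filename: (hexdigest, size)} for one multi-line checksum field.

    Continuation lines start with a space; the first token is the digest, the
    second the size, the last the filename (the Files field has extra columns).
    """
    entries = {}
    in_field = False
    for line in changes_text.splitlines():
        if not line.startswith(" "):
            in_field = line.rstrip() == field + ":"
            continue
        if in_field and line.strip():
            parts = line.split()
            entries[parts[-1]] = (parts[0].lower(), int(parts[1]))
    return entries


def verify_bytes(data, expected_digest, expected_size, algo="sha256"):
    """Check size first (cheap, catches truncation), then the digest.
    Returns (ok, reason)."""
    if len(data) != expected_size:
        return False, f"size {len(data)} != {expected_size}"
    digest = hashlib.new(algo, data).hexdigest()
    if digest != expected_digest.lower():
        return False, "digest mismatch"
    return True, "ok"


def verify_directory(changes_text, directory, field="Checksums-Sha256", algo="sha256"):
    """Verify every file listed in `field` against files found in `directory`.
    Returns {filename: (ok, reason)}; a missing file is reported, not skipped."""
    results = {}
    for name, (digest, size) in parse_checksums(changes_text, field).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = (False, "missing")
            continue
        results[name] = verify_bytes(path.read_bytes(), digest, size, algo)
    return results


if __name__ == "__main__":
    # Assumption: the four source files were downloaded into the current directory.
    for name, (ok, reason) in verify_directory(CHANGES_EXCERPT, ".").items():
        print(f"{'OK ' if ok else 'BAD'} {name}: {reason}")
```

The hashes only tie the files to this `.changes` text; it is the maintainer's PGP signature on the `.changes` file (stripped from this page) that ties the text to the uploader, so check that signature first (`gpg --verify`). The `.orig.tar.xz.asc` listed in the stanza is the upstream tarball signature, which the changelog says is now verifiable against Daiki Ueno's key added to debian/upstream/signing-key.asc.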






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jun 6 13:39:54 2020; Machine Name: bembo
