Bug#962289: gnutls28: CVE-2020-13777: session resumption works without master key allowing MITM

Salvatore Bonaccorso carnil at debian.org
Fri Jun 5 17:27:45 BST 2020


Source: gnutls28
Version: 3.6.13-4
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/issues/1011
Control: found -1 3.6.4-1
Control: found -1 3.6.7-4+deb10u3

Hi Andreas,

The following vulnerability was published for gnutls28, filing it as
RC given the resulting authentication bypass possibility, but if
you do not agree please downgrade.

CVE-2020-13777[0]:
| GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting
| a session ticket (a loss of confidentiality in TLS 1.2, and an
| authentication bypass in TLS 1.3). The earliest affected version is
| 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until
| the first key rotation, the TLS server always uses wrong data in place
| of an encryption key derived from an application.

If you want I can try to help preparing as well a corresponding
buster-security update.

The issue was introduced in 3.6.4 upstream, so stretch is not
affected.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-13777
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777
[1] https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
[2] https://gitlab.com/gnutls/gnutls/-/issues/1011

Regards,
Salvatore
