Debian has issued an advisory on June 6: https://www.debian.org/security/2020/dsa-4697
Upstream reference: https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
The issue is fixed upstream in 3.6.14.
Ubuntu has issued an advisory for this on June 5: https://usn.ubuntu.com/4384-1/
Status comment: (none) => Fixed upstream in 3.6.14
DavidG, assigning this to you as having updated this SRPM most recently. It has no registered maintainer.
Assignee: bugsquad => geiger.david68210
Fedora has issued an advisory for this on June 7: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VMB3UGI5H5RCFRU6OGRPMNUCNLJGEN7Y/
Done for mga7!
Advisory:
========================

Updated gnutls packages fix security vulnerability:

It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (CVE-2020-13777).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777
https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
========================

Updated packages in core/updates_testing:
========================

gnutls-3.6.14-1.mga7
libgnutls30-3.6.14-1.mga7
libgnutlsxx28-3.6.14-1.mga7
libgnutls-devel-3.6.14-1.mga7

from gnutls-3.6.14-1.mga7.src.rpm
Status comment: Fixed upstream in 3.6.14 => (none)
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs
mga7, x64

CVE-2020-13777

There is a test at this address: https://gitlab.com/gnutls/gnutls/-/issues/1008
Not sure if it can be regarded as a PoC though.

$ gnutls-cli support.sectigo.com
Processed 153 CA certificate(s).
Resolving 'support.sectigo.com:443'...
Connecting to '161.71.22.162:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
[...]
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.

Updated the packages and ran the test again.

$ gnutls-cli support.sectigo.com
[...]
- Status: The certificate is trusted.
- Description: (TLS1.2-X.509)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
- Session ID: 1C:CB:AE:35:11:2E:C3:39:44:D3:E9:37:BB:B7:AA:00:4A:EC:97:F0:10:88:4B:FC:14:C5:0D:53:08:C7:7A:91
- Options: safe renegotiation,
- Handshake was completed
- Simple Client Mode:

$ urpmq --whatrequires lib64gnutls30 | sort -u > list

The list contains 146 entries; systemd, samba, tiger-vnc, qemu ... These are all beyond my everyday experience apart from systemd, and there it would be necessary to run a systemd command which entails using the libraries. If anybody knows of any such, please feel free.

Beyond that the updates went in and gnutls continued to function on the command line.
CC: (none) => tarazed25
Installed and tested without issues.

On this workstation, 50 packages require the lib64gnutls30 package. Some, like systemd, are critical to the system. Tested for about a day of workstation usage. No regressions noticed.

System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.

$ uname -a
Linux marte 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | grep gnutls.*3.6.14
gnutls-3.6.14-1.mga7
lib64gnutls30-3.6.14-1.mga7

$ LANGUAGE=C rpm -q $(urpmq --whatrequires lib64gnutls30 | sort -u) | grep -v "not installed" | wc -l
50

$ ### BEFORE UPDATE
$ gnutls-cli support.sectigo.com
Processed 153 CA certificate(s).
Resolving 'support.sectigo.com:443'...
Connecting to '161.71.22.162:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=support.sectigo.com,OU=COMODO EV SSL,OU=IT,O=Comodo CA Limited,street=3rd Floor Building 26,street=Office Village Exchange Quay,street=Trafford Road,L=Salford,ST=Manchester,postalCode=M5 3EQ,C=GB,businessCategory=Private Organization,jurisdictionOfIncorporationCountryName=GB,serialNumber=04058690', issuer `CN=COMODO RSA Extended Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial 0x6a6d5a985263e1676288c3a67c3d61d3, RSA key 2048 bits, signed using RSA-SHA256, activated `2018-11-01 00:00:00 UTC', expires `2020-10-31 23:59:59 UTC', pin-sha256="ueQdDfIoPaNUMl4eyn19K6opv6brR+PQ/GCuY3hxHv0="
    Public Key ID:
        sha1:d819ea14af7a4a45250f3d968050fffbaf36a1c7
        sha256:b9e41d0df2283da354325e1eca7d7d2baa29bfa6eb47e3d0fc60ae6378711efd
    Public Key PIN:
        pin-sha256:ueQdDfIoPaNUMl4eyn19K6opv6brR+PQ/GCuY3hxHv0=
- Certificate[1] info:
 - subject `CN=COMODO RSA Extended Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial 0x06a74380d4ebfed435b5a3f7e16abdd8, RSA key 2048 bits, signed using RSA-SHA384, activated `2012-02-12 00:00:00 UTC', expires `2027-02-11 23:59:59 UTC', pin-sha256="Fbr/5aSOo4KRal8YE49t4lc76IOnK/oto9NWV1cSKWM="
- Certificate[2] info:
 - subject `CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE', serial 0x2766ee56eb49f38eabd770a2fc84de22, RSA key 4096 bits, signed using RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires `2020-05-30 10:48:38 UTC', pin-sha256="grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME="
- Status: The certificate is NOT trusted. The certificate chain uses expired certificate.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.

$ ### AFTER UPDATE
$ gnutls-cli support.sectigo.com
Processed 153 CA certificate(s).
Resolving 'support.sectigo.com:443'...
Connecting to '161.71.22.162:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=support.sectigo.com,OU=COMODO EV SSL,OU=IT,O=Comodo CA Limited,street=3rd Floor Building 26,street=Office Village Exchange Quay,street=Trafford Road,L=Salford,ST=Manchester,postalCode=M5 3EQ,C=GB,businessCategory=Private Organization,jurisdictionOfIncorporationCountryName=GB,serialNumber=04058690', issuer `CN=COMODO RSA Extended Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial 0x6a6d5a985263e1676288c3a67c3d61d3, RSA key 2048 bits, signed using RSA-SHA256, activated `2018-11-01 00:00:00 UTC', expires `2020-10-31 23:59:59 UTC', pin-sha256="ueQdDfIoPaNUMl4eyn19K6opv6brR+PQ/GCuY3hxHv0="
    Public Key ID:
        sha1:d819ea14af7a4a45250f3d968050fffbaf36a1c7
        sha256:b9e41d0df2283da354325e1eca7d7d2baa29bfa6eb47e3d0fc60ae6378711efd
    Public Key PIN:
        pin-sha256:ueQdDfIoPaNUMl4eyn19K6opv6brR+PQ/GCuY3hxHv0=
- Certificate[1] info:
 - subject `CN=COMODO RSA Extended Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial 0x06a74380d4ebfed435b5a3f7e16abdd8, RSA key 2048 bits, signed using RSA-SHA384, activated `2012-02-12 00:00:00 UTC', expires `2027-02-11 23:59:59 UTC', pin-sha256="Fbr/5aSOo4KRal8YE49t4lc76IOnK/oto9NWV1cSKWM="
- Certificate[2] info:
 - subject `CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB', issuer `CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE', serial 0x2766ee56eb49f38eabd770a2fc84de22, RSA key 4096 bits, signed using RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires `2020-05-30 10:48:38 UTC', pin-sha256="grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME="
- Status: The certificate is trusted.
- Description: (TLS1.2-X.509)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
- Session ID: B6:9C:59:D6:4A:21:0D:FB:1E:E4:1E:C8:32:E9:34:00:E8:B6:F9:C3:44:78:71:2F:CE:33:BB:31:02:79:84:13
- Options: safe renegotiation,
- Handshake was completed
- Simple Client Mode:
^C
CC: (none) => mageia
Adding the OK in respect of general use of the system as pointed out in comment 7.
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 5.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => mageia
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0268.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED