Bug 32547 - gnutls new security issue CVE-2023-5981
Summary: gnutls new security issue CVE-2023-5981
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All
OS: Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
Reported: 2023-11-21 10:46 CET by Nicolas Salguero
Modified: 2024-01-14 23:25 CET (History)
CC List: 6 users

See Also:
Source RPM: gnutls-3.8.0-2.mga9.src.rpm
CVE: CVE-2023-5981
Status comment:


Description Nicolas Salguero 2023-11-21 10:46:19 CET
That CVE was announced here:
https://www.openwall.com/lists/oss-security/2023/11/20/2
https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23

Mageia 8 and 9 are also affected.
Nicolas Salguero 2023-11-21 10:47:10 CET

CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA9TOO, MGA8TOO
Status comment: (none) => Fixed upstream in 3.8.2
Source RPM: (none) => gnutls-3.8.1-1.mga10.src.rpm

Comment 1 Lewis Smith 2023-11-21 21:46:16 CET
Assigning to you, David, as you seem to be the principal maintainer for gnutls these days.

Assignee: bugsquad => geiger.david68210

Comment 2 Nicolas Salguero 2024-01-08 15:59:27 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability:

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. (CVE-2023-5981)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5981
https://www.openwall.com/lists/oss-security/2023/11/20/2
https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
========================

Updated packages in core/updates_testing:
========================
gnutls-3.8.0-2.1.mga9
lib(64)gnutls-dane0-3.8.0-2.1.mga9
lib(64)gnutls-devel-3.8.0-2.1.mga9
lib(64)gnutls30-3.8.0-2.1.mga9
lib(64)gnutlsxx30-3.8.0-2.1.mga9

from SRPM:
gnutls-3.8.0-2.1.mga9.src.rpm

Assignee: geiger.david68210 => qa-bugs
Source RPM: gnutls-3.8.1-1.mga10.src.rpm => gnutls-3.8.0-2.mga9.src.rpm
Version: Cauldron => 9
Status comment: Fixed upstream in 3.8.2 => (none)
Status: NEW => ASSIGNED
CVE: (none) => CVE-2023-5981
Whiteboard: MGA9TOO, MGA8TOO => (none)
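
As an added illustration of the defensive pattern behind this advisory (example code written here, not GnuTLS source and not part of this bug report): a naive PKCS#1 v1.5 unpadding routine that exits early on each failure, beside a constant-time version that follows RFC 5246 section 7.4.7.1 and substitutes a pre-generated random 48-byte secret on any failure, so that a malformed ciphertext and a well-formed one cost the server the same amount of work. The RSA private-key operation is assumed to have already produced the decrypted block `em`; `make_block` only constructs test input, and all function and variable names are this example's own. `rsa_psk_premaster` shows the RFC 4279 layout into which the recovered 48-byte value feeds for the RSA-PSK key exchange named in the advisory.

```python
"""Constant-time recovery of a TLS RSA premaster secret from a PKCS#1 v1.5 block.

Illustrative example only (not GnuTLS code). It operates on the block EM that the
RSA private-key operation already produced; that operation is out of scope here.
"""
import secrets

PREMASTER_LEN = 48       # the TLS RSA premaster secret is always 48 bytes
MIN_PADDING_LEN = 8      # PKCS#1 v1.5 requires at least 8 bytes of padding string PS


def ct_eq(x: int, y: int) -> int:
    """0xFF if byte values x and y are equal, else 0x00, with no data-dependent branch."""
    d = x ^ y                      # 0 iff equal, otherwise 1..255
    return ((d - 1) >> 8) & 0xFF   # (d - 1) is negative (all ones) only when d == 0


def ct_nonzero(x: int) -> int:
    """0xFF if x != 0, else 0x00."""
    return ct_eq(x, 0) ^ 0xFF


def ct_select(mask: int, if_set: bytes, if_clear: bytes) -> bytes:
    """Byte-wise select: if_set when mask == 0xFF, if_clear when mask == 0x00, no branch on mask."""
    return bytes((a & mask) | (b & (mask ^ 0xFF)) for a, b in zip(if_set, if_clear))


def naive_recover_premaster(em: bytes, client_version: bytes) -> bytes:
    """The pattern to avoid: every failure exits early (a real server would also send an alert),
    so a malformed block is processed in a measurably different time than a valid one."""
    if em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad block type")
    sep = em.index(b"\x00", 2)              # scan for the separator: variable time
    if sep - 2 < MIN_PADDING_LEN:
        raise ValueError("padding too short")
    pms = em[sep + 1:]
    if len(pms) != PREMASTER_LEN:
        raise ValueError("bad length")
    if pms[:2] != client_version:
        raise ValueError("version mismatch")
    return pms


def ct_recover_premaster(em: bytes, client_version: bytes, fallback: bytes) -> bytes:
    """Constant-time variant: look at every byte of EM, never exit early, and fold every
    check into one mask. On any failure the caller's `fallback` (48 random bytes drawn
    before decryption, as RFC 5246 7.4.7.1 prescribes) is returned instead, so the
    handshake continues and only fails later at Finished, with no timing tell."""
    k = len(em)                          # modulus length in bytes: public, plain check is fine
    if k < 2 + MIN_PADDING_LEN + 1 + PREMASTER_LEN or len(fallback) != PREMASTER_LEN:
        raise ValueError("block or fallback of unexpected size")
    sep = k - PREMASTER_LEN - 1          # only place the separator can sit for a 48-byte message

    good = ct_eq(em[0], 0x00) & ct_eq(em[1], 0x02)
    for i in range(2, sep):              # PS must be entirely non-zero
        good &= ct_nonzero(em[i])
    good &= ct_eq(em[sep], 0x00)
    pms = em[sep + 1:]
    good &= ct_eq(pms[0], client_version[0]) & ct_eq(pms[1], client_version[1])
    return ct_select(good, pms, fallback)


def rsa_psk_premaster(other_secret: bytes, psk: bytes) -> bytes:
    """RFC 4279 section 3 layout for RSA-PSK: uint16 len || other_secret || uint16 len || psk,
    where other_secret is the 48-byte output of the RSA step above (real or fallback)."""
    return (len(other_secret).to_bytes(2, "big") + other_secret
            + len(psk).to_bytes(2, "big") + psk)


def make_block(k: int, pms: bytes) -> bytes:
    """Constructed test helper (not a real server step): wrap pms in a valid type-2 block."""
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(k - 3 - len(pms)))
    return b"\x00\x02" + ps + b"\x00" + pms


if __name__ == "__main__":
    version = b"\x03\x03"
    pms = version + secrets.token_bytes(PREMASTER_LEN - 2)
    fallback = secrets.token_bytes(PREMASTER_LEN)   # drawn before decryption in a real server
    em = make_block(256, pms)
    print(ct_recover_premaster(em, version, fallback) == pms)            # True
    broken = bytearray(em)
    broken[1] = 0x01                                                     # wrong block type
    print(ct_recover_premaster(bytes(broken), version, fallback) == fallback)  # True
```

The naive variant's `em.index` scan and early `raise` are the shape of the problem this update addresses: how long the server takes, and whether it aborts, depends on where the padding is wrong. In the constant-time variant nothing in the control flow depends on the bytes of `em`; every check lands in `good` and `ct_select` applies it. Python cannot guarantee constant-time execution, so this shows the structure only; a C implementation needs compiler-resistant constant-time primitives for the same masks.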

PC LX 2024-01-08 16:53:17 CET

CC: (none) => mageia

Comment 3 Marja Van Waes 2024-01-08 18:20:55 CET
Advisory from comment 2 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete".

CC: (none) => marja11
Keywords: (none) => advisory

Comment 4 PC LX 2024-01-10 17:36:08 CET
Installed and minimally tested without issues.
Testing done using gnutls-serv as a server and gnutls-cli, sslscan and curl as clients.
Testing used Let's Encrypt valid certificates for testing.

Lots of packages depend on gnutls libs so two or three days of normal usage should be enough testing. I will report back if I find any issues.

System 1: Mageia 9, x86_64, AMD Ryzen 5 5600G with Radeon Graphics.
$ uname -a
Linux jupiter 6.5.13-desktop-6.mga9 #1 SMP PREEMPT_DYNAMIC Sun Dec 17 22:42:25 UTC 2023 x86_64 GNU/Linux
$ rpm -qa | grep gnutls | sort
gnutls-3.8.0-2.1.mga9
lib64glib-networking-gnutls-2.76.0-1.mga9
lib64gnutls30-3.8.0-2.1.mga9
lib64gnutls-dane0-3.8.0-2.1.mga9
libglib-networking-gnutls-2.76.0-1.mga9
libgnutls30-3.8.0-2.1.mga9
System 2: Mageia 9, x86_64, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz.
# uname -a
Linux marte 6.5.13-desktop-7.mga9 #1 SMP PREEMPT_DYNAMIC Thu Dec 28 15:22:48 UTC 2023 x86_64 GNU/Linux
# rpm -qa | grep gnutls | sort
gnutls-3.8.0-2.1.mga9
lib64glib-networking-gnutls-2.76.0-1.mga9
lib64gnutls30-3.8.0-2.1.mga9
lib64gnutls-dane0-3.8.0-2.1.mga9
$ sslscan -6 example.com:5556
Version: 2.0.8
OpenSSL 3.0.12 24 Oct 2023

Trying IPv6 lookup

Connected to SNIP::2

Testing SSL server example.com on port 5556 using SNI name example.com

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   enabled
TLSv1.3   enabled

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve 25519 DHE 253
Accepted  TLSv1.3  128 bits  TLS_AES_128_CCM_SHA256        Curve 25519 DHE 253
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
Accepted  TLSv1.2  256 bits  ECDHE-RSA-CHACHA20-POLY1305   Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  DHE-RSA-CHACHA20-POLY1305     DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-CCM            DHE 2048 bits
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-CCM            DHE 2048 bits
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
Accepted  TLSv1.2  256 bits  AES256-CCM                   
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
Accepted  TLSv1.2  128 bits  AES128-CCM                   
Accepted  TLSv1.2  256 bits  AES256-SHA                   
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Failed to generate ECDHE key for nid 721
Failed to generate ECDHE key for nid 722
Failed to generate ECDHE key for nid 723
Failed to generate ECDHE key for nid 724
Failed to generate ECDHE key for nid 725
Failed to generate ECDHE key for nid 726
Failed to generate ECDHE key for nid 727
Failed to generate ECDHE key for nid 728
Failed to generate ECDHE key for nid 729
Failed to generate ECDHE key for nid 730
Failed to generate ECDHE key for nid 731
Failed to generate ECDHE key for nid 732
Failed to generate ECDHE key for nid 733
Failed to generate ECDHE key for nid 734
Failed to generate ECDHE key for nid 708
Failed to generate ECDHE key for nid 709
Failed to generate ECDHE key for nid 710
Failed to generate ECDHE key for nid 711
Failed to generate ECDHE key for nid 409
Failed to generate ECDHE key for nid 712

  Server Key Exchange Group(s):
TLSv1.3  128 bits  secp256r1 (NIST P-256)
TLSv1.3  192 bits  secp384r1 (NIST P-384)
TLSv1.3  260 bits  secp521r1 (NIST P-521)
Failed to generate ECDHE key for nid 927
Failed to generate ECDHE key for nid 931
Failed to generate ECDHE key for nid 933
TLSv1.3  128 bits  x25519
TLSv1.3  224 bits  x448
TLSv1.3  112 bits  ffdhe2048
TLSv1.3  128 bits  ffdhe3072
TLSv1.3  150 bits  ffdhe4096
TLSv1.3  175 bits  ffdhe6144
TLSv1.3  192 bits  ffdhe8192
Failed to generate ECDHE key for nid 721
Failed to generate ECDHE key for nid 722
Failed to generate ECDHE key for nid 723
Failed to generate ECDHE key for nid 724
Failed to generate ECDHE key for nid 725
Failed to generate ECDHE key for nid 726
Failed to generate ECDHE key for nid 727
Failed to generate ECDHE key for nid 728
Failed to generate ECDHE key for nid 729
Failed to generate ECDHE key for nid 730
Failed to generate ECDHE key for nid 731
Failed to generate ECDHE key for nid 732
Failed to generate ECDHE key for nid 733
Failed to generate ECDHE key for nid 734
Failed to generate ECDHE key for nid 708
Failed to generate ECDHE key for nid 709
Failed to generate ECDHE key for nid 710
Failed to generate ECDHE key for nid 711
Failed to generate ECDHE key for nid 409
Failed to generate ECDHE key for nid 712
TLSv1.2  128 bits  secp256r1 (NIST P-256)
TLSv1.2  192 bits  secp384r1 (NIST P-384)
TLSv1.2  260 bits  secp521r1 (NIST P-521)
Failed to generate ECDHE key for nid 927
Failed to generate ECDHE key for nid 931
Failed to generate ECDHE key for nid 933
TLSv1.2  128 bits  x25519
TLSv1.2  224 bits  x448

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    4096

Subject:  example.com
Altnames: DNS:example.com
Issuer:   R3

Not valid before: Nov 12 23:02:30 2023 GMT
Not valid after:  Feb 10 23:02:29 2024 GMT

$ curl -i6v https://example.com:5556/
*   Trying [SNIP::2]:5556...
* Connected to example.com (SNIP::2) port 5556 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: CN=example.com
*  start date: Nov 12 23:02:30 2023 GMT
*  expire date: Feb 10 23:02:29 2024 GMT
*  subjectAltName: host "example.com" matched cert's "example.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* using HTTP/1.x
> GET / HTTP/1.1
> Host: example.com:5556
> User-Agent: curl/7.88.1
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
HTTP/1.0 200 OK
< Content-type: text/html
Content-type: text/html

< 

<HTML><BODY>
<CENTER><H1>This is <a href="https://www.gnu.org/software/gnutls">GnuTLS</a></H1></CENTER>


<p>Session ID: <i>0FFC571D3BCB6A350656E96C6A1AC05942703A991F7091C2049346E0F1C31072</i></p>
<h5>If your browser supports session resumption, then you should see the same session ID, when you press the <b>reload</b> button.</h5>

<p>Server Name: example.com</p>
<P>
<TABLE border=1><TR><TD>Protocol version:</TD><TD>TLS1.3</TD></TR>
<TR><TD>Description:</TD><TD>(TLS1.3-X.509)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)</TD></TR>
<TR><TD>Cipher</TD><TD>AES-256-GCM</TD></TR>
<TR><TD>MAC</TD><TD>AEAD</TD></TR>
</TABLE></P>
<hr><P>Your HTTP header was:<PRE>Host: example.com:5556
User-Agent: curl/7.88.1
Accept: */*

</PRE></P>
</BODY></HTML>

* TLSv1.3 (IN), TLS alert, close notify (256):
* Closing connection 0
* TLSv1.3 (OUT), TLS alert, close notify (256):
Comment 5 Brian Rockwell 2024-01-13 22:38:26 CET
MGA9-64, Gnome, hardware

The following 3 packages are going to be installed:

- gnutls-3.8.0-2.1.mga9.x86_64
- lib64gnutls-dane0-3.8.0-2.1.mga9.x86_64
- lib64unbound8-1.17.1-2.mga9.x86_64

5MB of additional disk space will be used.

---

new install

used gnutls-cli to ping mageia.org

worked

No c code being written here, but that is out there for someone who wants to try.

CC: (none) => brtians1

Comment 6 katnatek 2024-01-13 23:53:02 CET
Based on comment#4 and comment#5, I give OK for 64b; please remove it if you find some reason to do so.

Whiteboard: (none) => MGA9-64-OK

Comment 7 Thomas Andrews 2024-01-14 18:01:06 CET
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 8 Mageia Robot 2024-01-14 23:25:51 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0008.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
