Name | CVE-2020-13777 |
Description | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-4697-1 |
Debian Bugs | 962289 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
gnutls28 (PTS) | jessie, jessie (lts) | 3.3.30-0+deb8u2 | fixed |
stretch (security) | 3.5.8-5+deb9u6 | fixed | |
stretch (lts), stretch | 3.5.8-5+deb9u7 | fixed | |
buster (security), buster, buster (lts) | 3.6.7-4+deb10u12 | fixed | |
bullseye | 3.7.1-5+deb11u5 | fixed | |
bullseye (security) | 3.7.1-5+deb11u6 | fixed | |
bookworm | 3.7.9-2+deb12u3 | fixed | |
sid, trixie | 3.8.8-2 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
gnutls28 | source | jessie | (not affected) | |||
gnutls28 | source | stretch | (not affected) | |||
gnutls28 | source | buster | 3.6.7-4+deb10u4 | DSA-4697-1 | ||
gnutls28 | source | (unstable) | 3.6.14-1 | 962289 |
[stretch] - gnutls28 <not-affected> (Vulnerable code introduced in 3.6.4)
[jessie] - gnutls28 <not-affected> (Vulnerable code introduced in 3.6.4)
https://bugzilla.redhat.com/show_bug.cgi?id=1843723
https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
https://gitlab.com/gnutls/gnutls/-/issues/1011
https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
https://gitlab.com/gnutls/gnutls/-/commit/3d7fae761e65e9d0f16d7247ee8a464d4fe002da