| Name | CVE-2020-13777 |
| Description | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-4697-1 |
| Debian Bugs | 962289 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| gnutls28 (PTS) | bullseye | 3.7.1-5+deb11u5 | fixed |
| bullseye (security) | 3.7.1-5+deb11u6 | fixed | |
| bookworm | 3.7.9-2+deb12u3 | fixed | |
| sid, trixie | 3.8.8-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gnutls28 | source | jessie | (not affected) | |||
| gnutls28 | source | stretch | (not affected) | |||
| gnutls28 | source | buster | 3.6.7-4+deb10u4 | DSA-4697-1 | ||
| gnutls28 | source | (unstable) | 3.6.14-1 | 962289 |
[stretch] - gnutls28 <not-affected> (Vulnerable code introduced in 3.6.4)
[jessie] - gnutls28 <not-affected> (Vulnerable code introduced in 3.6.4)
https://bugzilla.redhat.com/show_bug.cgi?id=1843723
https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
https://gitlab.com/gnutls/gnutls/-/issues/1011
https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
https://gitlab.com/gnutls/gnutls/-/commit/3d7fae761e65e9d0f16d7247ee8a464d4fe002da