PublicDateAtUSN: 2020-06-04 07:15:00 UTC
Candidate: CVE-2020-13777
PublicDate: 2020-06-04 07:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777
 https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
 https://ubuntu.com/security/notices/USN-4384-1
Description:
 GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a
 session ticket (a loss of confidentiality in TLS 1.2, and an authentication
 bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24)
 because of an error in a 2018-09-18 commit. Until the first key rotation,
 the TLS server always uses wrong data in place of an encryption key derived
 from an application.
Ubuntu-Description:
Notes:
 mdeslaur> introduced in 3.6.4
Mitigation:
Bugs:
 https://gitlab.com/gnutls/gnutls/-/issues/1011
 https://bugzilla.redhat.com/show_bug.cgi?id=1843723
Priority: high
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N [7.4 HIGH]


Patches_gnutls28:
 upstream: https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
 upstream: https://gitlab.com/gnutls/gnutls/-/commit/3d7fae761e65e9d0f16d7247ee8a464d4fe002da
upstream_gnutls28: released (3.6.14)
precise/esm_gnutls28: DNE
trusty_gnutls28: ignored (out of standard support)
trusty/esm_gnutls28: DNE
xenial_gnutls28: not-affected (code not present)
esm-infra/xenial_gnutls28: not-affected (code not present)
bionic_gnutls28: not-affected (code not present)
eoan_gnutls28: released (3.6.9-5ubuntu1.2)
focal_gnutls28: released (3.6.13-2ubuntu1.1)
devel_gnutls28: released (3.6.13-4ubuntu2)