Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#13337 closed enhancement (fixed)

gnutls-3.6.13 (GNUTLS-SA-2020-03-31, CVSS: high)

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: high
Milestone: 10.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (7)

comment:1 by Xi Ruoyao, 4 years ago

* Version 3.6.13 (released 2020-03-31)

** libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3.
   The DTLS client would not contribute any randomness to the DTLS negotiation,
   breaking the security guarantees of the DTLS protocol (#960)
   [GNUTLS-SA-2020-03-31, CVSS: high]

** libgnutls: Added new APIs to access KDF algorithms (#813).

** libgnutls: Added new callback gnutls_keylog_func that enables a custom
   logging functionality.

** libgnutls: Added support for non-null terminated usernames in PSK
   negotiation (#586).

** gnutls-cli-debug: Improved support for old servers that only support
   SSL 3.0.

** API and ABI modifications:
gnutls_hkdf_extract: Added
gnutls_hkdf_expand: Added
gnutls_pbkdf2: Added
gnutls_session_get_keylog_function: Added
gnutls_session_set_keylog_function: Added
gnutls_prf_hash_get: Added
gnutls_psk_server_get_username2: Added
gnutls_psk_set_client_credentials2: Added
gnutls_psk_set_client_credentials_function2: Added
gnutls_psk_set_server_credentials_function2: Added

comment:2 by Xi Ruoyao, 4 years ago

Priority: normal → high
Summary: gnutls-3.6.13 → gnutls-3.6.13 (GNUTLS-SA-2020-03-31, CVSS: high)

comment:3 by Douglas R. Reno, 4 years ago

GNUTLS-SA-2020-03-31
Severity High; flaw in DTLS protocol implementation

It was found that GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol.
Recommendation: To address the issue found upgrade to GnuTLS 3.6.13 or later versions.
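
A version check for the range the advisory above describes (regression introduced in 3.6.3, fixed in 3.6.13), as an added example that is not part of the ticket or of GnuTLS. The function names are hypothetical, and the usage line assumes the installed GnuTLS provides a pkg-config file.

```shell
#!/bin/sh
# Added example: classify a GnuTLS version string against the range named in
# GNUTLS-SA-2020-03-31 (DTLS client regression since 3.6.3, fixed in 3.6.13).

# ver_to_int VERSION
# Prints MAJOR*1000000 + MINOR*1000 + PATCH for "X.Y" or "X.Y.Z"; a suffix
# such as "-rc1" is ignored. Returns 1 if the string is not such a version.
ver_to_int() {
    printf '%s\n' "$1" | awk -F. '
        { sub(/[-+~].*$/, "") }                      # drop any suffix
        $0 !~ /^[0-9]+\.[0-9]+(\.[0-9]+)?$/ { exit 1 }
        { printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# gnutls_dtls_affected VERSION
# Returns 0 if 3.6.3 <= VERSION < 3.6.13, 1 if outside that range,
# 2 if VERSION cannot be parsed.
gnutls_dtls_affected() {
    n=$(ver_to_int "$1") || return 2
    first_affected=$(ver_to_int 3.6.3)
    first_fixed=$(ver_to_int 3.6.13)
    [ "$n" -ge "$first_affected" ] && [ "$n" -lt "$first_fixed" ]
}

# Usage (assumes gnutls.pc is installed):
#   sh check-gnutls.sh "$(pkg-config --modversion gnutls)"
if [ "$#" -gt 0 ]; then
    rc=0
    gnutls_dtls_affected "$1" || rc=$?
    case $rc in
        0) echo "$1: in the affected range; upgrade to 3.6.13 or later" ;;
        1) echo "$1: outside the affected range" ;;
        *) echo "$1: unrecognised version string" >&2 ;;
    esac
    exit "$rc"
fi
```

The script exits 0 when the version is in the affected range, so a wrapper can treat a zero status as "upgrade needed".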

comment:4 by Bruce Dubbs, 4 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:5 by Bruce Dubbs, 4 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 22930.

comment:6 by Bruce Dubbs, 4 years ago

Milestone: 9.2 → 10,0

Milestone renamed

comment:7 by Bruce Dubbs, 4 years ago

Milestone: 10,0 → 10.0

Milestone renamed
