Bug 775338 (CVE-2021-20231, CVE-2021-20232, GNUTLS-SA-2021-03-10)

Summary: ~net-libs/gnutls-3.7.1: Use-after-free in key_share, pre_shared_key extensions (CVE-2021-{20231,20232})
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Sam James <sam>
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
Priority: Normal
CC: base-system
Flags: nattka: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
Whiteboard: ~3 [noglsa]
Package list:
net-libs/gnutls-3.7.1 *
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-11 05:14:20 UTC
From release notes of 3.7.1:

** libgnutls: Fixed potential use-after-free in sending "key_share"
   and "pre_shared_key" extensions. When sending those extensions, the
   client may dereference a pointer no longer valid after
   realloc. This happens only when the client sends a large Client
   Hello message, e.g., when HRR is sent in a resumed session
   previously negotiated large FFDHE parameters, because the initial
   allocation of the buffer is large enough without having to call
   realloc (#1151).  [GNUTLS-SA-2021-03-10, CVSS: low]
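
An added C example (not part of this bug report and not GnuTLS source) of the failure mode the release note describes: a pointer saved into a growable buffer dangles once a later append makes realloc move the block, while a saved offset stays valid. The names `struct buf`, `buf_append`, `put_extension` and `demo` are hypothetical, and the buffer sizes are constructed for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer, constructed for this example. */
struct buf { unsigned char *data; size_t len, cap; };

/* Append n bytes from src, growing the allocation with realloc. */
static int buf_append(struct buf *b, const void *src, size_t n)
{
    if (b->len + n > b->cap) {
        size_t ncap = (b->len + n) * 2;
        unsigned char *p = realloc(b->data, ncap); /* block may move */
        if (p == NULL)
            return -1;
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Write a 2-byte length placeholder, append the body, then backfill.
 * The risky form keeps `unsigned char *lenp = b->data + b->len` across
 * buf_append() and writes through it: it dangles if realloc moved the
 * block. An offset re-applied to b->data afterwards is always valid. */
static int put_extension(struct buf *b, const void *body, size_t n)
{
    size_t len_off = b->len; /* offset survives realloc */
    if (n > 0xffff || buf_append(b, "\0\0", 2) < 0 || buf_append(b, body, n) < 0)
        return -1;
    b->data[len_off] = (unsigned char)(n >> 8); /* big-endian uint16 */
    b->data[len_off + 1] = (unsigned char)(n & 0xff);
    return 0;
}

/* Returns the length field read back from the buffer, or -1 on error. */
static long demo(size_t initial_cap, size_t body_len)
{
    struct buf b = { malloc(initial_cap), 0, initial_cap };
    unsigned char *body = calloc(1, body_len);
    long out = -1;
    if (b.data && body && put_extension(&b, body, body_len) == 0)
        out = ((long)b.data[0] << 8) | b.data[1];
    free(body);
    free(b.data);
    return out;
}

int main(void) { return demo(8, 4096) == 4096 ? 0 : 1; }
```

Building a pointer-based variant of `put_extension` with `-fsanitize=address` and a small initial capacity makes the stale write show up as a heap-use-after-free report, which is a practical way to catch this class of bug in tests.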
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 05:42:44 UTC
Ping
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2021-03-28 06:06:08 UTC
Only 3.7.x is affected which isn't stable.
Comment 3 Larry the Git Cow gentoo-dev 2021-03-28 06:08:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=42cb2c95be07553ccb6c28c1634e8b64602c3fe1

commit 42cb2c95be07553ccb6c28c1634e8b64602c3fe1
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-03-28 06:07:24 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-03-28 06:08:22 +0000

    net-libs/gnutls: drop vulnerable version
    
    Bug: https://bugs.gentoo.org/775338
    Package-Manager: Portage-3.0.17, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-libs/gnutls/Manifest                           |   1 -
 ...nutls-3.7.0-ignore-duplicate-certificates.patch | 403 ---------------------
 net-libs/gnutls/gnutls-3.7.0-r1.ebuild             | 139 -------
 3 files changed, 543 deletions(-)
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2021-03-28 06:08:49 UTC
Repository is clean, all done.