Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 740390 (CVE-2020-24659) - <net-libs/gnutls-3.6.15: Null-pointer deref in TLS 1.3 client (CVE-2020-24659)
Summary: <net-libs/gnutls-3.6.15: Null-pointer deref in TLS 1.3 client (CVE-2020-24659)
Status: RESOLVED FIXED
Alias: CVE-2020-24659
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://gitlab.com/gnutls/gnutls/-/is...
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-04 14:51 UTC by Sam James
Modified: 2020-09-18 12:37 UTC (History)
1 user (show)

See Also:
Package list:
net-libs/gnutls-3.6.15
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-09-04 14:51:32 UTC
Description:
"An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure."

Advisory: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04
Comment 1 Sam James archtester gentoo-dev Security 2020-09-04 14:56:45 UTC
Please bump to 3.6.15.
Comment 2 Larry the Git Cow gentoo-dev 2020-09-04 16:14:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=807088725f04adee3a1e0ed9a8b41d8d647262b3

commit 807088725f04adee3a1e0ed9a8b41d8d647262b3
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-09-04 15:28:14 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-09-04 16:13:47 +0000

    net-libs/gnutls: bump to v3.6.15
    
    Bug: https://bugs.gentoo.org/649396
    Bug: https://bugs.gentoo.org/711104
    Bug: https://bugs.gentoo.org/740390
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-libs/gnutls/Manifest                           |   1 +
 .../gnutls-3.6.15-skip-dtls-seccomp-tests.patch    |  26 ++++
 net-libs/gnutls/gnutls-3.6.15.ebuild               | 134 +++++++++++++++++++++
 3 files changed, 161 insertions(+)
Comment 3 Sam James archtester gentoo-dev Security 2020-09-04 16:52:38 UTC
Thanks. Let us know when ready to stable.
Comment 4 Thomas Deutschmann gentoo-dev Security 2020-09-05 21:16:56 UTC
x86 stable
Comment 5 Sam James archtester gentoo-dev Security 2020-09-05 22:39:38 UTC
amd64 done
Comment 6 Sam James archtester gentoo-dev Security 2020-09-05 22:45:02 UTC
arm64 done
Comment 7 Sam James archtester gentoo-dev Security 2020-09-06 00:20:53 UTC
arm done
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-09-06 00:27:52 UTC
This issue was resolved and addressed in
 GLSA 202009-01 at https://security.gentoo.org/glsa/202009-01
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 9 Thomas Deutschmann gentoo-dev Security 2020-09-06 00:29:09 UTC
Re-opening for remaining architectures.
Comment 10 Sam James archtester gentoo-dev Security 2020-09-06 00:31:09 UTC
arm done
Comment 11 Sam James archtester gentoo-dev Security 2020-09-06 14:35:44 UTC
ppc, ppc64 stable
Comment 12 Rolf Eike Beer 2020-09-09 21:04:14 UTC
hppa stable
Comment 13 Agostino Sarubbo gentoo-dev 2020-09-18 08:05:59 UTC
sparc stable
Comment 14 Agostino Sarubbo gentoo-dev 2020-09-18 08:12:11 UTC
s390 stable.

Maintainer(s), please cleanup.
Comment 15 Larry the Git Cow gentoo-dev 2020-09-18 10:30:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d7af8385b56e3b113c42f2f01db52d90bdb650f

commit 5d7af8385b56e3b113c42f2f01db52d90bdb650f
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-09-18 10:11:07 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-09-18 10:30:04 +0000

    net-libs/gnutls: Security cleanup
    
    Bug: https://bugs.gentoo.org/740390
    Package-Manager: Portage-3.0.7, Repoman-3.0.1
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-libs/gnutls/Manifest             |   1 -
 net-libs/gnutls/gnutls-3.6.14.ebuild | 132 -----------------------------------
 2 files changed, 133 deletions(-)