Univention Bugzilla – Bug 53476
gnutls28: Multiple issues (5.0)
Last modified: 2021-06-30 18:54:27 CEST
New Debian gnutls28 3.6.7-4+deb10u7 fixes: This update addresses the following issues: * Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659) * Use after free in client key_share extension (CVE-2021-20231) * Use after free in client_send_params in lib/ext/pre_shared_key.c (CVE-2021-20232)
--- mirror/ftp/pool/main/g/gnutls28/gnutls28_3.6.7-4+deb10u6.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/gnutls28_3.6.7-4+deb10u7.dsc @@ -1,3 +1,23 @@ +3.6.7-4+deb10u7 [Fri, 14 May 2021 13:33:38 +0200] Andreas Metzler <ametzler@debian.org>: + + * 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from + 3.6.15: It was found by oss-fuzz that the server sending a + "no_renegotiation" alert in an unexpected timing, followed by an invalid + second handshake can cause a TLS 1.3 client to crash via a null-pointer + dereference. The crash happens in the application's error handling path, + where the gnutls_deinit function is called after detecting a handshake + failure. + GNUTLS-SA-2020-09-04 CVE-2020-24659 Closes: #969547 + * Pull multiple fixes designated for 3.6.15 bugfix release: + + 47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch + + 47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch + + 47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch + (CVE-2021-20231) and + 47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch + (CVE-2021-20232), both together GNUTLS-SA-2021-03-10. + + 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch + + 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch + 3.6.7-4+deb10u6 [Sat, 02 Jan 2021 18:10:33 +0100] Andreas Metzler <ametzler@debian.org>: * 45_4.7.0plus-01_testpkcs11-use-datefudge-to-trick-certificate-expiry.patch <http://piuparts.knut.univention.de/5.0-0/#6016256816906014633>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-0] 0c45ee5dd1 Bug #53476: gnutls28 3.6.7-4+deb10u7 doc/errata/staging/gnutls28.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x34>