Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Red Hat Enterprise Linux 8 gnutls MITM Risk Advisory RHSA-2020-2637-01

Calendar Jun 22, 2020 User Avatar LinuxSecurity Advisories
4 - 7 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory Red Hat update important gnutls cryptographic MITM
An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: gnutls security update
Advisory ID:       RHSA-2020:2637-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2637
Issue date:        2020-06-22
CVE Names:         CVE-2020-13777 
====================================================================
1. Summary:

An update for gnutls is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The gnutls packages provide the GNU Transport Layer Security (GnuTLS)
library, which implements cryptographic algorithms and protocols such as
SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: session resumption works without master key allowing MITM
(CVE-2020-13777)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1843723 - CVE-2020-13777 gnutls: session resumption works without master key allowing MITM

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:
gnutls-c++-3.6.8-11.el8_2.aarch64.rpm
gnutls-c++-debuginfo-3.6.8-11.el8_2.aarch64.rpm
gnutls-dane-3.6.8-11.el8_2.aarch64.rpm
gnutls-dane-debuginfo-3.6.8-11.el8_2.aarch64.rpm
gnutls-debuginfo-3.6.8-11.el8_2.aarch64.rpm
gnutls-debugsource-3.6.8-11.el8_2.aarch64.rpm
gnutls-devel-3.6.8-11.el8_2.aarch64.rpm
gnutls-utils-3.6.8-11.el8_2.aarch64.rpm
gnutls-utils-debuginfo-3.6.8-11.el8_2.aarch64.rpm

ppc64le:
gnutls-c++-3.6.8-11.el8_2.ppc64le.rpm
gnutls-c++-debuginfo-3.6.8-11.el8_2.ppc64le.rpm
gnutls-dane-3.6.8-11.el8_2.ppc64le.rpm
gnutls-dane-debuginfo-3.6.8-11.el8_2.ppc64le.rpm
gnutls-debuginfo-3.6.8-11.el8_2.ppc64le.rpm
gnutls-debugsource-3.6.8-11.el8_2.ppc64le.rpm
gnutls-devel-3.6.8-11.el8_2.ppc64le.rpm
gnutls-utils-3.6.8-11.el8_2.ppc64le.rpm
gnutls-utils-debuginfo-3.6.8-11.el8_2.ppc64le.rpm

s390x:
gnutls-c++-3.6.8-11.el8_2.s390x.rpm
gnutls-c++-debuginfo-3.6.8-11.el8_2.s390x.rpm
gnutls-dane-3.6.8-11.el8_2.s390x.rpm
gnutls-dane-debuginfo-3.6.8-11.el8_2.s390x.rpm
gnutls-debuginfo-3.6.8-11.el8_2.s390x.rpm
gnutls-debugsource-3.6.8-11.el8_2.s390x.rpm
gnutls-devel-3.6.8-11.el8_2.s390x.rpm
gnutls-utils-3.6.8-11.el8_2.s390x.rpm
gnutls-utils-debuginfo-3.6.8-11.el8_2.s390x.rpm

x86_64:
gnutls-c++-3.6.8-11.el8_2.i686.rpm
gnutls-c++-3.6.8-11.el8_2.x86_64.rpm
gnutls-c++-debuginfo-3.6.8-11.el8_2.i686.rpm
gnutls-c++-debuginfo-3.6.8-11.el8_2.x86_64.rpm
gnutls-dane-3.6.8-11.el8_2.i686.rpm
gnutls-dane-3.6.8-11.el8_2.x86_64.rpm
gnutls-dane-debuginfo-3.6.8-11.el8_2.i686.rpm
gnutls-dane-debuginfo-3.6.8-11.el8_2.x86_64.rpm
gnutls-debuginfo-3.6.8-11.el8_2.i686.rpm
gnutls-debuginfo-3.6.8-11.el8_2.x86_64.rpm
gnutls-debugsource-3.6.8-11.el8_2.i686.rpm
gnutls-debugsource-3.6.8-11.el8_2.x86_64.rpm
gnutls-devel-3.6.8-11.el8_2.i686.rpm
gnutls-devel-3.6.8-11.el8_2.x86_64.rpm
gnutls-utils-3.6.8-11.el8_2.x86_64.rpm
gnutls-utils-debuginfo-3.6.8-11.el8_2.i686.rpm
gnutls-utils-debuginfo-3.6.8-11.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
gnutls-3.6.8-11.el8_2.src.rpm

aarch64:
gnutls-3.6.8-11.el8_2.aarch64.rpm
gnutls-c++-debuginfo-3.6.8-11.el8_2.aarch64.rpm
gnutls-dane-debuginfo-3.6.8-11.el8_2.aarch64.rpm
gnutls-debuginfo-3.6.8-11.el8_2.aarch64.rpm
gnutls-debugsource-3.6.8-11.el8_2.aarch64.rpm
gnutls-utils-debuginfo-3.6.8-11.el8_2.aarch64.rpm

ppc64le:
gnutls-3.6.8-11.el8_2.ppc64le.rpm
gnutls-c++-debuginfo-3.6.8-11.el8_2.ppc64le.rpm
gnutls-dane-debuginfo-3.6.8-11.el8_2.ppc64le.rpm
gnutls-debuginfo-3.6.8-11.el8_2.ppc64le.rpm
gnutls-debugsource-3.6.8-11.el8_2.ppc64le.rpm
gnutls-utils-debuginfo-3.6.8-11.el8_2.ppc64le.rpm

s390x:
gnutls-3.6.8-11.el8_2.s390x.rpm
gnutls-c++-debuginfo-3.6.8-11.el8_2.s390x.rpm
gnutls-dane-debuginfo-3.6.8-11.el8_2.s390x.rpm
gnutls-debuginfo-3.6.8-11.el8_2.s390x.rpm
gnutls-debugsource-3.6.8-11.el8_2.s390x.rpm
gnutls-utils-debuginfo-3.6.8-11.el8_2.s390x.rpm

x86_64:
gnutls-3.6.8-11.el8_2.i686.rpm
gnutls-3.6.8-11.el8_2.x86_64.rpm
gnutls-c++-debuginfo-3.6.8-11.el8_2.i686.rpm
gnutls-c++-debuginfo-3.6.8-11.el8_2.x86_64.rpm
gnutls-dane-debuginfo-3.6.8-11.el8_2.i686.rpm
gnutls-dane-debuginfo-3.6.8-11.el8_2.x86_64.rpm
gnutls-debuginfo-3.6.8-11.el8_2.i686.rpm
gnutls-debuginfo-3.6.8-11.el8_2.x86_64.rpm
gnutls-debugsource-3.6.8-11.el8_2.i686.rpm
gnutls-debugsource-3.6.8-11.el8_2.x86_64.rpm
gnutls-utils-debuginfo-3.6.8-11.el8_2.i686.rpm
gnutls-utils-debuginfo-3.6.8-11.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-13777
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXvBWTtzjgjWX9erEAQiDCA//S9OoPPAvPEboRW/+Zitrd2dT1WHaU6T1
EBn8moB19WwblBTSiPGSoBNP0PqQuhi9tGTlmoxysUrdqmfFlABaw/rJUNUOjdW/
02aD/L0jRT/FWKntFWz6KeGioHg9N8igEyvN2mhwMNTyuENxLAlKNFwaq7AjLLuD
VIdVUWu/eANqECJCcZpN62k0i4IDwZPQ56REnZTEG05HPgGiCWbSskFz/Zds5sQO
9EOCLy4caUSrgdBck8FfMx1gXf4JRqRoq6/oHdwzWqBpSKaxq3SxIKaw5GisMkx7
B3v0F/lDVeICnBD9zwwObQGHBb+TFaGxSyY8E2xOGf360zvkQKqgmFn/ZOBeAYs5
fp7qPaNSMd9NvNtVyfBDkYBe8lv10oYnzRCUQXHZPFi53yOZxb+bZ9SetVhEuM8a
sAzc81qw9Wr8i6bjODqnQEdafVanWql6AiI7RcU2FYqnljZfAyf7TJfS1pZaq75M
9Kh2oPjVVud6K99YZ+KZzqZR/QooPhv8qdqdm+H6YVnA0kH9R2l3z+XasWb9jF/1
eSkkRoj/AO4uOXji1po8S8OamNY0RTMTDE8zRqFShbtGvQ3OfHChpGOgCqEZkJCD
s1op2knfHr1aPm1KFpIseFMWGEmYQQvEfyvs0+ty+0kXCjiD/a7wfKSGYdOXRX/W
vb6QFJiGGq0=sNEA
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Warning: Undefined array key "solution" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 316

Red Hat Enterprise Linux 8 gnutls MITM Risk Advisory RHSA-2020-2637-01

red hat
Calendar Grey June 22, 2020
Dist Redhat Esm H88
Important OpenSSL patch released for CentOS systems to fix potential eavesdropping vulnerabilities. Discover the update details here.
An update for gnutls is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
Security Fix(es):
* gnutls: session resumption works without master key allowing MITM (CVE-2020-13777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat update important gnutls cryptographic MITM

References

https://access.redhat.com/security/cve/CVE-2020-13777 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Enterprise Linux AppStream (v. 8):
aarch64: gnutls-c++-3.6.8-11.el8_2.aarch64.rpm gnutls-c++-debuginfo-3.6.8-11.el8_2.aarch64.rpm gnutls-dane-3.6.8-11.el8_2.aarch64.rpm gnutls-dane-debuginfo-3.6.8-11.el8_2.aarch64.rpm gnutls-debuginfo-3.6.8-11.el8_2.aarch64.rpm gnutls-debugsource-3.6.8-11.el8_2.aarch64.rpm gnutls-devel-3.6.8-11.el8_2.aarch64.rpm gnutls-utils-3.6.8-11.el8_2.aarch64.rpm gnutls-utils-debuginfo-3.6.8-11.el8_2.aarch64.rpm
ppc64le: gnutls-c++-3.6.8-11.el8_2.ppc64le.rpm gnutls-c++-debuginfo-3.6.8-11.el8_2.ppc64le.rpm gnutls-dane-3.6.8-11.el8_2.ppc64le.rpm gnutls-dane-debuginfo-3.6.8-11.el8_2.ppc64le.rpm gnutls-debuginfo-3.6.8-11.el8_2.ppc64le.rpm gnutls-debugsource-3.6.8-11.el8_2.ppc64le.rpm gnutls-devel-3.6.8-11.el8_2.ppc64le.rpm gnutls-utils-3.6.8-11.el8_2.ppc64le.rpm gnutls-utils-debuginfo-3.6.8-11.el8_2.ppc64le.rpm
s390x: gnutls-c++-3.6.8-11.el8_2.s390x.rpm gnutls-c++-debuginfo-3.6.8-11.el8_2.s390x.rpm gnutls-dane-3.6.8-11.el8_2.s390x.rpm gnutls-dane-debuginfo-3.6.8-11.el8_2.s390x.rpm gnutls-debuginfo-3.6.8-11.el8_2.s390x.rpm gnutls-debugsource-3.6.8-11.el8_2.s390x.rpm gnutls-devel-3.6.8-11.el8_2.s390x.rpm gnutls-utils-3.6.8-11.el8_2.s390x.rpm gnutls-utils-debuginfo-3.6.8-11.el8_2.s390x.rpm
x86_64: gnutls-c++-3.6.8-11.el8_2.i686.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:2637-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2637
Issue date: 2020-06-22

Topic

An update for gnutls is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat update important gnutls cryptographic MITM

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1843723 - CVE-2020-13777 gnutls: session resumption works without master key allowing MITM

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here