Bug 1821896 (CVE-2020-11501)

Summary: CVE-2020-11501 gnutls: DTLS client hello contains a random value of all zeroes
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ansasaki, cfergeau, crypto-team, deallen, dueno, elima, erik-fedora, fidencio, jv+fedora, marcandre.lureau, mike, nmavrogi, pemensik, pspacek, rh-spice-bugs, rjones, tmraz
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: gnutls 3.6.13 Doc Type: If docs needed, set a value
Doc Text:
A cryptographic weakness was found in the way DLTS implementation of GnuTLS, used zeros in place of random numbers. This flaw can break the security guarantee of the DTLS protocol.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-30 22:31:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1821898, 1821899, 1822005, 1826176    
Bug Blocks: 1821900    

Description Guilherme de Almeida Suckevicz 2020-04-07 19:15:24 UTC 
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

References:
https://gitlab.com/gnutls/gnutls/-/issues/960
https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31
Comment 1 Guilherme de Almeida Suckevicz 2020-04-07 19:17:09 UTC 
Created gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1821898]


Created mingw-gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1821899]
Comment 2 Huzaifa S. Sidhpurwala 2020-04-08 03:47:53 UTC 
Statement:

The earliest affected version is gnuTLS-3.6.3. Therefore versions of gnuTLS shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this flaw.
Comment 5 errata-xmlrpc 2020-04-30 17:32:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1998 https://access.redhat.com/errata/RHSA-2020:1998
Comment 6 Product Security DevOps Team 2020-04-30 22:31:52 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-11501
Comment 7 Huzaifa S. Sidhpurwala 2020-05-16 03:34:14 UTC 
External References:

https://www.redhat.com/en/blog/understanding-dtls-all-zero-clienthellorandom-vulnerability
Comment 8 Eddie Allen 2020-07-23 16:10:20 UTC 
RHEL UBI8 images show the following:

$ docker pull registry.redhat.io/ubi8-minimal:latest && docker run -ti registry.redhat.io/ubi8-minimal:latest bash -c "rpm -aq | grep tls"
latest: Pulling from ubi8-minimal
Digest: sha256:5a857c1d77b1dbb72f11e6d95ca01c3dab947f0c95ca53a6a28eabf4f3f9463a
Status: Image is up to date for registry.redhat.io/ubi8-minimal:latest
registry.redhat.io/ubi8-minimal:latest
gnutls-3.6.8-11.el8_2.x86_64

Has this fix been ported to the gnutls-3.6.8-11.el8_2.x86_64 package that is shipped with UBI8?