GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. References: https://gitlab.com/gnutls/gnutls/-/issues/960 https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31
Created gnutls tracking bugs for this issue: Affects: fedora-all [bug 1821898] Created mingw-gnutls tracking bugs for this issue: Affects: fedora-all [bug 1821899]
Statement: The earliest affected version is gnuTLS-3.6.3. Therefore versions of gnuTLS shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this flaw.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1998 https://access.redhat.com/errata/RHSA-2020:1998
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-11501
External References: https://www.redhat.com/en/blog/understanding-dtls-all-zero-clienthellorandom-vulnerability
RHEL UBI8 images show the following: $ docker pull registry.redhat.io/ubi8-minimal:latest && docker run -ti registry.redhat.io/ubi8-minimal:latest bash -c "rpm -aq | grep tls" latest: Pulling from ubi8-minimal Digest: sha256:5a857c1d77b1dbb72f11e6d95ca01c3dab947f0c95ca53a6a28eabf4f3f9463a Status: Image is up to date for registry.redhat.io/ubi8-minimal:latest registry.redhat.io/ubi8-minimal:latest gnutls-3.6.8-11.el8_2.x86_64 Has this fix been ported to the gnutls-3.6.8-11.el8_2.x86_64 package that is shipped with UBI8?