group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1928648] [NEW] expiring trust anchor compatibility issue

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Dimitri John Ledkov <1928648@xxxxxxxxxxxxxxxxxx>
Date: Mon, 17 May 2021 08:54:57 -0000
Reply-to: Bug 1928648 <1928648@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Public security bug reported:

https://community.letsencrypt.org/t/openssl-client-compatibility-
changes-for-let-s-encrypt-certificates/143816

Currently gnutls28 in bionic and earlier will not establish a
connection, if any parts of the trust chain have expired, even though
alternative non-expired chains are available.

This has been fixed in GnuTLS 3.6.14, but probably should be backported
to bionic and earlier if it was not already been done so.

https://gitlab.com/gnutls/gnutls/-/issues/1008

https://gitlab.com/gnutls/gnutls/-/merge_requests/1271

** Affects: gnutls28 (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: gnutls28 (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: gnutls28 (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: gnutls28 (Ubuntu Xenial)
     Importance: Undecided
         Status: New

** Affects: gnutls28 (Ubuntu Bionic)
     Importance: Undecided
         Status: New

** Also affects: gnutls28 (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: gnutls28 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: gnutls28 (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: gnutls28 (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Changed in: gnutls28 (Ubuntu)
       Status: New => Fix Released

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1928648

Title:
  expiring trust anchor compatibility issue

Status in gnutls28 package in Ubuntu:
  Fix Released
Status in gnutls28 source package in Precise:
  New
Status in gnutls28 source package in Trusty:
  New
Status in gnutls28 source package in Xenial:
  New
Status in gnutls28 source package in Bionic:
  New

Bug description:
  https://community.letsencrypt.org/t/openssl-client-compatibility-
  changes-for-let-s-encrypt-certificates/143816

  Currently gnutls28 in bionic and earlier will not establish a
  connection, if any parts of the trust chain have expired, even though
  alternative non-expired chains are available.

  This has been fixed in GnuTLS 3.6.14, but probably should be
  backported to bionic and earlier if it was not already been done so.

  https://gitlab.com/gnutls/gnutls/-/issues/1008

  https://gitlab.com/gnutls/gnutls/-/merge_requests/1271

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1928648/+subscriptions

Follow ups

[Bug 1928648] Re: expiring trust anchor compatibility issue
From: Dimitri John Ledkov, 2021-10-01
[Bug 1928648] Re: expiring trust anchor compatibility issue
From: Launchpad Bug Tracker, 2021-09-22
[Bug 1928648] Re: expiring trust anchor compatibility issue
From: Launchpad Bug Tracker, 2021-09-15
[Bug 1928648] Re: expiring trust anchor compatibility issue
From: Dimitri John Ledkov, 2021-08-26