Your message dated Fri, 21 Nov 2025 21:30:39 +0100
with message-id <[email protected]>
and subject line Re: Accepted rnp 0.18.1-1 (source) into unstable
has caused the Debian Bug report #1121081,
regarding rnp: CVE-2025-13470:  rnp uses all-zero session keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1121081: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121081
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rnp
Version: 0.18.0-4
Severity: grave
File: /usr/bin/rnp
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hello,

Quoting the bug report https://bugzilla.redhat.com/show_bug.cgi?id=2415863:

        session keys generated for PKESK are not randomized but always zero

The reproducer from above link works "fine":

        (sid_arm64-dchroot)ukleinek@amdahl:~$ rnp --version
        rnp 0.18.0-4
        ...

        (sid_arm64-dchroot)ukleinek@amdahl:~$ echo sekrit > lala.txt

        (sid_arm64-dchroot)ukleinek@amdahl:~$ mkdir /tmp/rnptmphome

        (sid_arm64-dchroot)ukleinek@amdahl:~$ rnpkeys -g --homedir /tmp/rnptmphome
        Keyring directory '/tmp/rnptmphome' is empty.
        Use "rnpkeys" command to generate a new key or import existing keys from the file or GnuPG keyrings.
        Generating a new key...
        Enter password for key 0xF73668AEF8A7E5F3 to protect:
        Repeat password for key 0xF73668AEF8A7E5F3:
        Would you like to use the same password to protect subkey(s)? (y/N) y

        sec   3072/RSA f73668aef8a7e5f3 2025-11-20 [SC] [EXPIRES 2027-11-20]
              52fde9716b1e8b12c5d5dfcaf73668aef8a7e5f3
        uid           RSA (Encrypt or Sign) 3072-bit key <ukleinek@localhost>
        ssb   3072/RSA 5ecd8bdf4aa19170 2025-11-20 [E] [EXPIRES 2027-11-20]
              6f42371ab63f46da26b4de4e5ecd8bdf4aa19170

        (sid_arm64-dchroot)ukleinek@amdahl:~$ rnp --homedir /tmp/rnptmphome -es --armor lala.txt
        Enter password for key 0xF73668AEF8A7E5F3 to sign:

        (sid_arm64-dchroot)ukleinek@amdahl:~$ cat lala.txt.asc
        -----BEGIN PGP MESSAGE-----
        -----END PGP MESSAGE-----

Pasting lala.txt.asc on https://dump.sequoia-pgp.org/ and providing
0000000000000000000000000000000000000000000000000000000000000000 as
session key discloses the original content of lala.txt.

https://dump.sequoia-pgp.org/?data=-----BEGIN%20PGP%20MESSAGE-----%0D%0A%0D%0AwcDMA17Ni99KoZFwAQwAjXIpZjJcXc6oRuhrzrwLTXh69G2qtOLmgrQ3BRgtYneDBg45DokXSDcq%0D%0Aa2rP%2BDfHtPAOzKJ1vH3t%2BYPCpZQ0rSQe5Al4zzbCbiOQDGIAnfRoAikvbvy6nL6al73PO47pVm2j%0D%0ABRsqb5uhN6wWXcuOkQ8LoU5yKfDVpOgndoyADdEbGAOJVJ9/64RJPFyTkAVc4s6sN/tTVx2yt01w%0D%0ADBb92TwfRhGsm3W0tfFbsw0IRfLsDh3FdlbeffJdp6iPw5RSuAFM8UryY6Ookim0t%2Bj6XQWARbka%0D%0AT85BvA1dl%2BfP5Bm3/aDzihboZjVyfZoRFkontAJhxlY8cN19jxLVPpj18WHmchr%2B0%2Bvk%2BZORlaBN%0D%0A%2BJH/Q7WPXIT/KrzkVb/k5oDCMel8/1JC%2B9/9L8vO9j2o5NlhRigKArAr5W3U5eHMTGZJGDSoIHiP%0D%0AmXZQRk517qOv57tu4QEVtGIsrVVX9C2/lCjAwy2CUaZRBs%2Bhnoso6dU%2BI95Oll45HtQT8iPUNGxV%0D%0A0sFUAWMLV21LQcpVrBcINYSNotGNySwN/kxzqKSEkYMa/vwgOb8FGxhYZouWyluAKijQtSu3bzk9%0D%0AgdQM71PoIvk%2BSL4GR%2BgqRR68L5B2bUfByBhAxpJIANJJuwQXlmhKzSP9y1sIf2OXHoRetLOoaKzF%0D%0A13zqObOx47jkvDkSLJxKigJwRY56g%2BDN/as72iQ9Gy9b18IbtAMs6b2%2Bn4tb4pN3YCYB7eMKRyGr%0D%0A6g0w/lPndxxKjXSnOni/qs4c0xPHAxYs85NKGHIsxE0jRCsyCxOTnIZ%2Bogm05DpGodpBYJnUF7NF%0D%0AFpkzVntlMqMO5jwQugLnwYbetO9CfukgPojik1ZpXd/z10GXqgfksa46nh64wpdvbyW/qED0Ve/W%0D%0ADLHCd78sKOLdO1hJWnfD%2B88gCZcH9Ww4b6BelduMSjOcaQt6NGMtoyWQqI%2BVYS/6wCJzZm7XD%2BG8%0D%0ANjDFHOjH6P7F1B/4efpQEOLkf6iujAX9EHKLGPGbqQVsqZXSfFfc62/NBklv5YiwKR6o%2BRkjpzGy%0D%0A/6daBkI6wYaqhanSBA4q7I3weEfN6QTowkUtK2jRWCzogk1tR6hRLtioJL1whKWzgw7SwEf7OmuD%0D%0ADSEAbeiSCqrkLX9RML%2BYRLqYf4ZHQKSBzst/uNzzgG7oyPu3CCEfEiadkZSGMSz%2BdJixAiZ5QX3Q%0D%0AisrNJ3YYRcQiNEYNFIX9Y2IEYLxhJw%3D%3D%0D%0A%3DKOin%0D%0A-----END%20PGP%20MESSAGE-----%0D%0A&session_key=0000000000000000000000000000000000000000000000000000000000000000

rnp/trixie is unaffected.

-- System Information:
Debian Release: forky/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: arm64 (aarch64)

Kernel: Linux 6.12.57+deb13-arm64 (SMP w/8 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages rnp depends on:
ii  libbotan-3-7  3.7.1+dfsg-2
ii  libc6         2.41-12
ii  libgcc-s1     15.2.0-8
ii  libjson-c5    0.18+ds-1.1
ii  librnp0       0.18.0-4
ii  libstdc++6    15.2.0-8

rnp recommends no packages.

rnp suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: rnp
Source-Version: 0.18.1-1

This fixes the reported bug at #1121081 for the issue.

On Fri, Nov 21, 2025 at 01:20:25PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Format: 1.8
> Date: Fri, 21 Nov 2025 07:51:25 -0500
> Source: rnp
> Architecture: source
> Version: 0.18.1-1
> Distribution: unstable
> Urgency: high
> Maintainer: Daniel Kahn Gillmor <[email protected]>
> Changed-By: Daniel Kahn Gillmor <[email protected]>
> Changes:
>  rnp (0.18.1-1) unstable; urgency=high
>  .
>    * new upstream release
>      - Fix PKESK CEK generation (Fixes: CVE 2025-13470)
>  .
>    [ Daniel Kahn Gillmor ]
>    * drop variant fix for 32-bit architectures, upstream fixes it differently
>    * refresh patches
> 
> 
> -----BEGIN PGP SIGNATURE-----
> 
> wr0EARYKAG8FgmkgY3IJEHgLhU7ZwrSWRxQAAAAAAB4AIHNhbHRAbm90YXRpb25z
> LnNlcXVvaWEtcGdwLm9yZ5j2mmSVrXsQGwBMIJ/MXlJgnl3Aiw53I+qsmEgaVsTa
> FiEEY6wRjlsuXWbIioWneAuFTtnCtJYAAMpbAQDTVWEW4Sbxc8UuNxF2PC6k/h2c
> ezmmzDfJlMc6fNnLGgD/RNOmCdUyLXLLR2f/gObjziVH+uGq4bAJuIxU030cCwo=
> =utom
> -----END PGP SIGNATURE-----

--- End Message ---
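The thread reports the symptom (every PKESK session key is all zeros) and the changelog entry that fixes CEK generation, but shows no regression check. The following is an added example, not code from rnp, the reporter or the maintainer: a small CI-style check of a session-key generator that flags the degenerate output described above. `buggy_cek` and `fixed_cek` are hypothetical stand-ins for the real routine.

```python
"""Regression check for a PKESK session-key (CEK) generator.

Added example, not part of rnp or of the bug report. `buggy_cek` is a
hypothetical stand-in that reproduces the reported behaviour (an all-zero
key every time); `fixed_cek` is a hypothetical CSPRNG-backed replacement.
"""
import math
import secrets
from collections import Counter
from typing import Callable

KEY_LEN = 32  # AES-256 session key, matching the 64-hex-digit zero key in the report


def buggy_cek() -> bytes:
    # Mirrors the reported defect: the key buffer is never filled with randomness.
    return bytes(KEY_LEN)


def fixed_cek() -> bytes:
    # What a correct generator should do: draw the key from a CSPRNG.
    return secrets.token_bytes(KEY_LEN)


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of `data` (maximum 8.0)."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def check_cek_generator(gen: Callable[[], bytes], draws: int = 64) -> list[str]:
    """Draw `draws` keys from `gen` and return a list of findings.

    An empty list means the generator passed every check.
    """
    findings = []
    keys = [gen() for _ in range(draws)]
    if any(len(k) != KEY_LEN for k in keys):
        findings.append("wrong key length")
    if any(k == bytes(KEY_LEN) for k in keys):
        findings.append("all-zero key produced")
    if len(set(keys)) != draws:
        findings.append("repeated key across draws")
    # Pooling 64 x 32 random bytes should give close to 8 bits/byte; a
    # threshold of 7.0 catches constant or heavily biased output.
    if byte_entropy(b"".join(keys)) < 7.0:
        findings.append("low entropy across draws")
    return findings


if __name__ == "__main__":
    print("buggy:", check_cek_generator(buggy_cek))
    print("fixed:", check_cek_generator(fixed_cek))
```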
