Control: retitle -1 rnp: CVE-2025-13470:  rnp uses all-zero session keys

On Thu, Nov 20, 2025 at 04:54:42PM +0000, Uwe Kleine-König wrote:
> Package: rnp
> Version: 0.18.0-4
> Severity: grave
> File: /usr/bin/rnp
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
> 
> Hello,
> 
> Quoting the bug report https://bugzilla.redhat.com/show_bug.cgi?id=2415863:
> 
>       session keys generated for PKESK are not randomized but always zero
> 
> The reproducer from above link works "fine":
> 
>       (sid_arm64-dchroot)ukleinek@amdahl:~$ rnp --version
>       rnp 0.18.0-4
>       ...
> 
>       (sid_arm64-dchroot)ukleinek@amdahl:~$ echo sekrit > lala.txt
> 
>       (sid_arm64-dchroot)ukleinek@amdahl:~$ mkdir /tmp/rnptmphome
> 
>       (sid_arm64-dchroot)ukleinek@amdahl:~$ rnpkeys -g --homedir /tmp/rnptmphome
>       Keyring directory '/tmp/rnptmphome' is empty.
>       Use "rnpkeys" command to generate a new key or import existing keys from the file or GnuPG keyrings.
>       Generating a new key...
>       Enter password for key 0xF73668AEF8A7E5F3 to protect:
>       Repeat password for key 0xF73668AEF8A7E5F3:
>       Would you like to use the same password to protect subkey(s)? (y/N) y
> 
>       sec   3072/RSA f73668aef8a7e5f3 2025-11-20 [SC] [EXPIRES 2027-11-20]
>             52fde9716b1e8b12c5d5dfcaf73668aef8a7e5f3
>       uid           RSA (Encrypt or Sign) 3072-bit key <ukleinek@localhost>
>       ssb   3072/RSA 5ecd8bdf4aa19170 2025-11-20 [E] [EXPIRES 2027-11-20]
>             6f42371ab63f46da26b4de4e5ecd8bdf4aa19170
> 
>       (sid_arm64-dchroot)ukleinek@amdahl:~$ rnp --homedir /tmp/rnptmphome -es --armor lala.txt
>       Enter password for key 0xF73668AEF8A7E5F3 to sign:
> 
>       (sid_arm64-dchroot)ukleinek@amdahl:~$ cat lala.txt.asc
> 
> Pasting lala.txt.asc on https://dump.sequoia-pgp.org/ and providing
> 0000000000000000000000000000000000000000000000000000000000000000 as
> session key discloses the original content of lala.txt.
> 
> rnp/trixie is unaffected.

This is fixed upstream in v0.18.1. 

Apparently the CVE assigned is CVE-2025-13470, which appeared
correctly now on the CVE feed. I have notified Red Hat about the
possible typo in their bugzilla entry.

Regards,
Salvatore
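
An added example, not code from rnp or from anyone in this thread: a Python check that a recipient or a release test could run on a decrypted PKESK payload, assuming a v3 PKESK with an AES algorithm (algorithm octet, session key, two-octet checksum per RFC 4880 section 5.1). It shows that the checksum cannot catch this bug, because an all-zero key sums to zero; all function names and sample payloads are constructed for illustration.

```python
"""Added example: audit a decrypted v3 PKESK payload (RFC 4880, section 5.1)."""

# Symmetric algorithm id -> key length in bytes (RFC 4880, section 9.2).
KEY_LEN = {7: 16, 8: 24, 9: 32}  # AES-128, AES-192, AES-256


def parse_pkesk_payload(m: bytes):
    """Split m = algo || session key || 2-octet checksum and validate it."""
    if len(m) < 4:
        raise ValueError("payload too short")
    algo, key, checksum = m[0], m[1:-2], int.from_bytes(m[-2:], "big")
    if algo not in KEY_LEN:
        raise ValueError(f"unsupported algorithm id {algo}")
    if len(key) != KEY_LEN[algo]:
        raise ValueError("key length does not match algorithm")
    if sum(key) % 65536 != checksum:
        raise ValueError("checksum mismatch")
    return algo, key


def is_degenerate(key: bytes) -> bool:
    """True for keys no CSPRNG would plausibly emit: one repeated byte."""
    return len(set(key)) <= 1


def audit(m: bytes) -> str:
    """Classify the session key carried in a decrypted PKESK payload."""
    _algo, key = parse_pkesk_payload(m)
    if not any(key):
        return "ALL-ZERO"  # the symptom reported as CVE-2025-13470
    if is_degenerate(key):
        return "CONSTANT"
    return "ok"


def build_payload(algo: int, key: bytes) -> bytes:
    """Constructed test input: the payload a sender wraps inside the PKESK."""
    return bytes([algo]) + key + (sum(key) % 65536).to_bytes(2, "big")


if __name__ == "__main__":
    import secrets
    samples = {  # all sample payloads below are constructed
        "zero key": build_payload(9, bytes(32)),
        "constant key": build_payload(9, b"\xaa" * 32),
        "random key": build_payload(9, secrets.token_bytes(32)),
    }
    for name, payload in samples.items():
        print(f"{name}: {audit(payload)}")
```

The all-zero payload passes every structural check in `parse_pkesk_payload`, which is why an explicit degenerate-key test is needed in addition to the format validation.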
