Univention Bugzilla – Bug 42925
openssl: multiple issues (4.1)
Last modified: 2017-07-13 15:52:26 CEST
The openssl version in UCS 4.1 is affected by this issue:
* Montgomery multiplication may produce incorrect results (CVE-2016-7055)
A security update for Debian Jessie fixed these issues:
* ECDSA P-256 timing attack key recovery (CVE-2016-7056)
* SSL/TLS SSL3_AL_WARNING undefined alert DoS (CVE-2016-8610)
* Truncated packet could crash via OOB read (CVE-2017-3731)

Looks like we are not affected by the first issue; the patched code is already present in 1.0.2d-1.
One more from https://www.openssl.org/news/secadv/20170126.txt :
* BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
repo_admin.py -U -p openssl -d jessie-backports -r 4.1 -s errata4.1-4
build-package-ng -r 4.1 -s errata4.1-4 -p openssl -j 4 -b ~ucs41

r17531 | Bug #42925 OpenSSL: Remove upstream patches

git log --grep CVE- OpenSSL_1_0_2d..OpenSSL_1_0_2l --oneline |
while read commit summary; do
  cve="$(git show -s "$commit" | grep --only 'CVE-[0-9]\+-[0-9]\+' | sort -u)"
  cid="$(git describe --contains --match OpenSSL_\* "$commit")"
  desc="$(sed -ne "/${cve}/{g;p;q};s/^ \*) \(.*\)/\1/;T;h" CHANGES)"
  printf '%s\t%s\t%s\n' "$cve" "${cid#OpenSSL_}" "${desc:-$summary}"
done

CVE-2017-3732  1.0.2k~3         BN_mod_exp may produce incorrect results on x86_64
CVE-2017-3731  1.0.2k~4         Truncated packet could crash via OOB read
CVE-2016-7055  1.0.2k~43        Montgomery multiplication may produce incorrect results
CVE-2016-7052  1.0.2j~2         Missing CRL sanity check
CVE-2016-6304  1.0.2i~4         OCSP Status Request extension unbounded memory growth
CVE-2016-8610  1.0.2i~6         Don't allow too many consecutive warning alerts
CVE-2016-6306  1.0.2i~13        Certificate message OOB reads
CVE-2016-6303  1.0.2i~49        OOB write in MDC2_Update()
CVE-2016-2183  1.0.2i~50        In order to mitigate the SWEET32 attack, the DES ciphers were moved from HIGH to MEDIUM.
CVE-2016-6302  1.0.2i~52        Malformed SHA512 ticket DoS
CVE-2016-2179  1.0.2i~62…63     DTLS buffered message DoS
CVE-2016-2181  1.0.2i~73        DTLS replay protection DoS
CVE-2016-2182  1.0.2i~85        OOB write in BN_bn2dec()
CVE-2016-2180  1.0.2i~105       OOB read in TS_OBJ_print_bio()
CVE-2016-2178  1.0.2i~160…161   Constant time flag not preserved in DSA signing
CVE-2016-2177  1.0.2i~167       Pointer arithmetic undefined behaviour
CVE-2016-2108  1.0.2h~3         fix Memory corruption in the ASN.1 encoder
CVE-2016-2107  1.0.2h~4         Prevent padding oracle in AES-NI CBC MAC check
CVE-2016-2105  1.0.2h~8         Fix EVP_EncodeUpdate overflow
CVE-2016-2176  1.0.2h~9         EBCDIC overread
CVE-2016-2106  1.0.2h~10        Fix EVP_EncryptUpdate overflow
CVE-2016-2109  1.0.2h~24        Prevent ASN.1 BIO excessive memory allocation
CVE-2016-0702  1.0.2g~4…8       Side channel attack on modular exponentiation
CVE-2016-0800  1.0.2g~12        Disable SSLv2 default build, default negotiation and weak ciphers.
CVE-2016-0797  1.0.2g~13        Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
CVE-2016-0799  1.0.2g~19        Fix memory issues in BIO_*printf functions
CVE-2016-0798  1.0.2g~20        Disable SRP fake user seed to address a server memory leak.
CVE-2016-0705  1.0.2g~26        Fix a double-free in DSA code
CVE-2016-0701  1.0.2f~3…4       DH small subgroups
CVE-2015-3197  1.0.2f~5         SSLv2 doesn't block disabled ciphers
               1.0.2f~3         Reject DH handshakes with parameters shorter than 1024 bits.
CVE-2015-3194  1.0.2e~3…4       Certificate verify crash with missing PSS parameter
CVE-2015-3193  1.0.2e~5         BN_mod_exp may produce incorrect results on x86_64
CVE-2015-3195  1.0.2e~6         X509_ATTRIBUTE memory leak
CVE-2015-1794  1.0.2e~142…143   Fix seg fault with 0 p val in SKE
CVE-2016-7056  1.0.2-beta3~26   ECDSA P-256 timing attack key recovery

Package: openssl
Version: 1.0.2k-1~bpo8+1~ucs41.134.201706081137
Branch: ucs_4.1-0
Scope: errata4.1-4

repo_admin.py --cherrypick -r 4.1 -s errata4.1-4 --releasedest 4.2 --dest errata4.2-0 -p openssl
build-package-ng -r 4.2 -s errata4.2-0 -p openssl -j 4

Package: openssl
Version: 1.0.2k-1~bpo8+1A~4.2.0.201706081143
Branch: ucs_4.2-0
Scope: errata4.2-0

r80071 | Bug #44751: OpenSSL 1.0.2k YAML

QA: dpkg --compare-versions 1.0.2k-1~bpo8+1~ucs41.134.201706081137 lt 1.0.2k-1~bpo8+1A~4.2.0.201706081143 ; echo $? # 0
QA: /usr/share/ucs-test/23_apache/22_ssl-order -vvf

(In reply to Arvid Requate from comment #0)
> * Montgomery multiplication may produce incorrect results (CVE-2016-7055)
fixed 1.0.2k~43

(In reply to Arvid Requate from comment #1)
> * ECDSA P-256 timing attack key recovery (CVE-2016-7056)
already fixed 1.0.2-beta3~26
> * SSL/TLS SSL3_AL_WARNING undefined alert DoS (CVE-2016-8610)
fixed 1.0.2i~6
> * Truncated packet could crash via OOB read (CVE-2017-3731)
fixed 1.0.2k~4

(In reply to Arvid Requate from comment #2)
> * BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
fixed 1.0.2k~3
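The comment above answers "is our 1.0.2d affected?" by reading the `git describe --contains` tag of each fix: `1.0.2k~43` means 43 commits before the `1.0.2k` tag, so the fix first ships in 1.0.2k, while `1.0.2-beta3~26` predates the 1.0.2 release and is therefore already in 1.0.2d. The script below, an added example that is not part of the bug report or of Univention's tooling, automates that comparison over a subset of the table rows copied from this bug (labelled as such in the code). It assumes only the `git describe --contains` tag convention shown in the table and the OpenSSL 1.0.2 naming order (beta releases before the final release, then letter suffixes a..l).

```python
"""Decide which CVE fixes from an OpenSSL 1.0.2 fix table an installed
upstream version already contains.

Tag semantics (git describe --contains): "1.0.2k~43" = 43 commits before
tag 1.0.2k, so the first release containing the fix is 1.0.2k.  A range such
as "1.0.2i~62…63" still resolves to 1.0.2i.
"""
import re
from typing import List, Tuple

# Rows copied from the CVE table in this bug report (CVE, tag, summary).
FIX_TABLE = """\
CVE-2017-3732\t1.0.2k~3\tBN_mod_exp may produce incorrect results on x86_64
CVE-2017-3731\t1.0.2k~4\tTruncated packet could crash via OOB read
CVE-2016-7055\t1.0.2k~43\tMontgomery multiplication may produce incorrect results
CVE-2016-8610\t1.0.2i~6\tDon't allow too many consecutive warning alerts
CVE-2016-2179\t1.0.2i~62…63\tDTLS buffered message DoS
CVE-2016-0701\t1.0.2f~3…4\tDH small subgroups
CVE-2016-7056\t1.0.2-beta3~26\tECDSA P-256 timing attack key recovery
"""

# "1.0.2", "1.0.2k" or "1.0.2-beta3" (assumed OpenSSL 1.0.x naming scheme)
_TAG_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-beta(\d+)|([a-z]+))?$")


def version_key(version: str) -> tuple:
    """Sortable key: 1.0.2-beta3 < 1.0.2 < 1.0.2a < ... < 1.0.2l."""
    m = _TAG_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    base, beta, letters = m.groups()
    nums = tuple(int(p) for p in base.split("."))
    if beta is not None:
        return nums, 0, int(beta)      # betas sort before the final release
    return nums, 1, letters or ""      # "" (plain 1.0.2) sorts before "a"


def fixed_in(tag: str) -> str:
    """Strip the "~N" (or "~N…M") commit offset; what remains is the tag
    that first contains the fix."""
    return tag.split("~", 1)[0]


def parse_table(text: str) -> List[Tuple[str, str, str]]:
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cve, tag, summary = line.split("\t", 2)
        rows.append((cve, tag, summary))
    return rows


def unfixed_cves(installed: str, table: str = FIX_TABLE) -> List[str]:
    """CVEs whose fix first shipped in a release newer than `installed`."""
    have = version_key(installed)
    return [cve for cve, tag, _ in parse_table(table)
            if version_key(fixed_in(tag)) > have]


if __name__ == "__main__":
    # 1.0.2d is the UCS 4.1 version before this update, 1.0.2k the one after.
    for ver in ("1.0.2d", "1.0.2i", "1.0.2k"):
        print(ver, "still missing:", ", ".join(unfixed_cves(ver)) or "none")
```

For `1.0.2d` the script lists every row except CVE-2016-7056, matching the thread's conclusion that the ECDSA timing fix was already present; for `1.0.2k` the list is empty. Note that this compares upstream release tags only: a distribution package such as `1.0.2d-1` may carry backported patches on top of the tag, which is exactly what the `git log --grep CVE-` listing above was used to reconcile.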
r80529 | Bug #44751 test: Skip EXPORT and LOW cipher test

Package: ucs-test
Version: 6.0.37-67.1607.201706271457
Branch: ucs_4.1-0
Scope: errata4.1-4
* OK: Package imported and built with merged patches
* OK: Binary package update
* OK: apt-get install libssl-dev
* OK: zless /usr/share/doc/openssl/changelog.Debian.gz
* OK: openssl s_client -connect localhost:636 # 443
* OK: ldapsearch -ZZZ -x -D `ucr get ldap/hostdn` -y /etc/machine.secret dn
* OK: univention-certificate new -name test -days 1
* OK: univention-certificate check -name test
* OK: univention-certificate dump -name test
* OK: univention-certificate list
* OK: openssl x509 -noout -text -in /etc/univention/ssl/ucsCA/CAcert.pem
* OK: curl -k https://$(hostname -f)/ucs-overview/
* OK: ucs-test -s apache -E dangerous
* OK: EXPORT and LOW ciphers disabled
* OK: Advisory

I've added a note to the advisory that EXPORT and LOW ciphers are disabled now.
<http://errata.software-univention.de/ucs/4.1/443.html>