Bug 42925 - openssl: multiple issues (4.1)
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.1-4-errata
Assigned To: Philipp Hahn
Arvid Requate
Reported: 2016-11-10 19:35 CET by Arvid Requate
Modified: 2017-07-13 15:52 CEST (History)

What kind of report is it?: Security Issue
Bug group (optional): Security
Max CVSS v3 score: 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


Description Arvid Requate univentionstaff 2016-11-10 19:35:50 CET
The openssl version in UCS 4.1 is affected by this issue:

* Montgomery multiplication may produce incorrect results (CVE-2016-7055)
Comment 1 Arvid Requate univentionstaff 2017-01-30 20:50:53 CET
A security update for Debian Jessie fixed these issues:

* ECDSA P-256 timing attack key recovery (CVE-2016-7056)
* SSL/TLS SSL3_AL_WARNING undefined alert DoS (CVE-2016-8610)
* Truncated packet could crash via OOB read (CVE-2017-3731)

Looks like we are not affected by the first issue; the patched code is already present in 1.0.2d-1.
Comment 2 Arvid Requate univentionstaff 2017-01-31 21:15:30 CET
One more from https://www.openssl.org/news/secadv/20170126.txt :

* BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
Comment 3 Philipp Hahn univentionstaff 2017-06-08 13:14:48 CEST
repo_admin.py -U -p openssl -d jessie-backports -r 4.1 -s errata4.1-4
build-package-ng -r 4.1 -s errata4.1-4 -p openssl -j 4 -b ~ucs41

r17531 | Bug #42925 OpenSSL: Remove upstream patches
 git log --grep CVE- OpenSSL_1_0_2d..OpenSSL_1_0_2l --oneline |
 while read commit summary; do
   # CVE id(s) named in the commit message
   cve="$(git show -s "$commit" | grep --only 'CVE-[0-9]\+-[0-9]\+' | sort -u)"
   # first release tag that contains the commit, e.g. OpenSSL_1_0_2k~43
   cid="$(git describe --contains --match 'OpenSSL_*' "$commit")"
   # matching "*) ..." entry from CHANGES, falling back to the commit summary
   desc="$(sed -ne "/${cve}/{g;p;q};s/^  \*) \(.*\)/\1/;T;h" CHANGES)"
   printf '%s\t%s\t%s\n' "$cve" "${cid#OpenSSL_}" "${desc:-$summary}"
 done

CVE-2017-3732	1.0.2k~3	BN_mod_exp may produce incorrect results on x86_64
CVE-2017-3731	1.0.2k~4	Truncated packet could crash via OOB read
CVE-2016-7055	1.0.2k~43	Montgomery multiplication may produce incorrect results
CVE-2016-7052	1.0.2j~2	Missing CRL sanity check
CVE-2016-6304	1.0.2i~4	OCSP Status Request extension unbounded memory growth
CVE-2016-8610	1.0.2i~6	Don't allow too many consecutive warning alerts
CVE-2016-6306	1.0.2i~13	Certificate message OOB reads
CVE-2016-6303	1.0.2i~49	OOB write in MDC2_Update()
CVE-2016-2183	1.0.2i~50	In order to mitigate the SWEET32 attack, the DES ciphers were moved from HIGH to MEDIUM.
CVE-2016-6302	1.0.2i~52	Malformed SHA512 ticket DoS
CVE-2016-2179	1.0.2i~62…63	DTLS buffered message DoS
CVE-2016-2181	1.0.2i~73	DTLS replay protection DoS
CVE-2016-2182	1.0.2i~85	OOB write in BN_bn2dec()
CVE-2016-2180	1.0.2i~105	OOB read in TS_OBJ_print_bio()
CVE-2016-2178	1.0.2i~160…161	Constant time flag not preserved in DSA signing
CVE-2016-2177	1.0.2i~167	Pointer arithmetic undefined behaviour
CVE-2016-2108	1.0.2h~3	fix Memory corruption in the ASN.1 encoder
CVE-2016-2107	1.0.2h~4	Prevent padding oracle in AES-NI CBC MAC check
CVE-2016-2105	1.0.2h~8	Fix EVP_EncodeUpdate overflow
CVE-2016-2176	1.0.2h~9	EBCDIC overread
CVE-2016-2106	1.0.2h~10	Fix EVP_EncryptUpdate overflow
CVE-2016-2109	1.0.2h~24	Prevent ASN.1 BIO excessive memory allocation
CVE-2016-0702	1.0.2g~4…8	Side channel attack on modular exponentiation
CVE-2016-0800	1.0.2g~12	Disable SSLv2 default build, default negotiation and weak ciphers.
CVE-2016-0797	1.0.2g~13	Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
CVE-2016-0799	1.0.2g~19	Fix memory issues in BIO_*printf functions
CVE-2016-0798	1.0.2g~20	Disable SRP fake user seed to address a server memory leak.
CVE-2016-0705	1.0.2g~26	Fix a double-free in DSA code
CVE-2016-0701	1.0.2f~3…4	DH small subgroups
CVE-2015-3197	1.0.2f~5	SSLv2 doesn't block disabled ciphers
		1.0.2f~3	Reject DH handshakes with parameters shorter than 1024 bits.
CVE-2015-3194	1.0.2e~3…4	Certificate verify crash with missing PSS parameter
CVE-2015-3193	1.0.2e~5	BN_mod_exp may produce incorrect results on x86_64
CVE-2015-3195	1.0.2e~6	X509_ATTRIBUTE memory leak
CVE-2015-1794	1.0.2e~142…143	Fix seg fault with 0 p val in SKE
CVE-2016-7056	1.0.2-beta3~26	ECDSA P-256 timing attack key recovery

Package: openssl
Version: 1.0.2k-1~bpo8+1~ucs41.134.201706081137
Branch: ucs_4.1-0
Scope: errata4.1-4

repo_admin.py --cherrypick -r 4.1 -s errata4.1-4 --releasedest 4.2 --dest errata4.2-0 -p openssl
build-package-ng -r 4.2 -s errata4.2-0 -p openssl -j 4

Package: openssl
Version: 1.0.2k-1~bpo8+1A~
Branch: ucs_4.2-0
Scope: errata4.2-0

r80071 | Bug #44751: OpenSSL 1.0.2k

QA: dpkg --compare-versions 1.0.2k-1~bpo8+1~ucs41.134.201706081137 lt 1.0.2k-1~bpo8+1A~ ; echo $? # 0
QA: /usr/share/ucs-test/23_apache/22_ssl-order -vvf

(In reply to Arvid Requate from comment #0)
> * Montgomery multiplication may produce incorrect results (CVE-2016-7055)
fixed 1.0.2k~43

(In reply to Arvid Requate from comment #1)
> * ECDSA P-256 timing attack key recovery (CVE-2016-7056)
already fixed 1.0.2-beta3~26
> * SSL/TLS SSL3_AL_WARNING undefined alert DoS (CVE-2016-8610)
fixed 1.0.2i~6
> * Truncated packet could crash via OOB read (CVE-2017-3731)
fixed 1.0.2k~4

(In reply to Arvid Requate from comment #2)
> * BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
fixed 1.0.2k~3
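As an added example (not code from this bug, UCS or OpenSSL), a small Python check that reads the tab-separated table from comment 3, turns each `tag~N` into the release that ships the fix, and reports which advisory CVEs are covered by the upstream release of the built package. The sample rows are constructed from that table; the version parsing assumes OpenSSL 1.0.x naming (letter suffixes, `-betaN` pre-releases).

```python
import re

# Constructed sample: four rows in the same tab-separated form the one-liner prints.
CVE_TABLE = """\
CVE-2017-3732\t1.0.2k~3\tBN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055\t1.0.2k~43\tMontgomery multiplication may produce incorrect results
CVE-2016-8610\t1.0.2i~6\tDon't allow too many consecutive warning alerts
CVE-2016-7056\t1.0.2-beta3~26\tECDSA P-256 timing attack key recovery
"""

def release_key(version):
    """Sort key for OpenSSL 1.0.x releases: 1.0.2 < 1.0.2d < 1.0.2k,
    and a pre-release (1.0.2-beta3) sorts below the final 1.0.2."""
    m = re.fullmatch(r'(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?', version)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version}")
    major, minor, fix, letter, beta = m.groups()
    # 0 = beta, 1 = final; the letter compares last, '' ranking below 'a'
    return (int(major), int(minor), int(fix),
            0 if beta is not None else 1, int(beta or 0), letter)

def upstream_release(debian_version):
    """Strip the Debian/UCS revision: '1.0.2k-1~bpo8+1~ucs41...' -> '1.0.2k'."""
    return re.match(r'\d+\.\d+\.\d+[a-z]*', debian_version).group(0)

def parse_table(text):
    """Return {cve: release}. 'tag~N' (or 'tag~N…M') means N commits before
    the tag, so the fix is contained in that release; rows without a CVE are skipped."""
    fixed = {}
    for line in text.splitlines():
        cve, cid, _desc = line.split('\t', 2)
        if cve:
            fixed[cve] = cid.split('~', 1)[0]
    return fixed

def check_cves(shipped, cves, table=CVE_TABLE):
    """Map each CVE to True if the shipped release already contains its fix."""
    fixed = parse_table(table)
    target = release_key(upstream_release(shipped))
    return {cve: cve in fixed and release_key(fixed[cve]) <= target for cve in cves}

if __name__ == "__main__":
    for cve, ok in check_cves("1.0.2k-1~bpo8+1~ucs41.134.201706081137",
                              ["CVE-2017-3732", "CVE-2016-7056"]).items():
        print(cve, "fixed" if ok else "NOT fixed")
```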
Comment 4 Philipp Hahn univentionstaff 2017-06-27 14:59:23 CEST
r80529 | Bug #44751 test: Skip EXPORT and LOW cipher test

Package: ucs-test
Version: 6.0.37-67.1607.201706271457
Branch: ucs_4.1-0
Scope: errata4.1-4
Comment 5 Arvid Requate univentionstaff 2017-07-12 20:02:38 CEST
* OK: Package imported and built with merged patches
* OK: Binary package update
* OK: apt-get install libssl-dev
* OK: zless /usr/share/doc/openssl/changelog.Debian.gz
* OK: openssl s_client -connect localhost:636 # 443
* OK: ldapsearch -ZZZ -x -D `ucr get ldap/hostdn` -y /etc/machine.secret dn
* OK: univention-certificate new -name test -days 1
* OK: univention-certificate check -name test
* OK: univention-certificate dump -name test
* OK: univention-certificate list
* OK: openssl x509 -noout -text -in /etc/univention/ssl/ucsCA/CAcert.pem
* OK: curl -k https://$(hostname -f)/ucs-overview/
* OK: ucs-test -s apache -E dangerous
* OK: EXPORT and LOW ciphers disabled
* OK: Advisory

I've added a note to the advisory that EXPORT and LOW ciphers are disabled now.
Comment 6 Janek Walkenhorst univentionstaff 2017-07-13 15:52:26 CEST