Bug 40189
| Summary: | openssl: Denial of service (3.2) | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Arvid Requate <requate> |
| Component: | Security updates | Assignee: | Arvid Requate <requate> |
| Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
| Severity: | normal | ||
| Priority: | P5 | CC: | gohmann, requate, walkenhorst |
| Version: | UCS 3.2 | ||
| Target Milestone: | UCS 3.2-8-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| URL: | https://www.openssl.org/news/secadv/20160301.txt | ||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | Security | |
| Max CVSS v3 score: | |||
| Bug Depends on: | 40188 | ||
| Bug Blocks: | |||
| Attachments: |
CVE-2016-0800.patch
CVE-2016-0798.patch CVE-2016-0797.patch CVE-2016-0799.patch CVE-2016-0702.patch |
||
|
Description
Arvid Requate
Upstream Debian package version 0.9.8o-4squeeze23 fixes this issue: * A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2 (CVE-2015-3197) * Additionally, when using a DHE cipher suite a new DH key will always be generated for each connection. The following new issues have been identified (see https://www.openssl.org/news/secadv/20160301.txt): * Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) * Memory leak in SRP database lookups (CVE-2016-0798) * BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) * Memory issues in BIO_*printf functions (CVE-2016-0799) * Side channel attack on modular exponentiation (CVE-2016-0702) * Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703) * Bleichenbacher oracle in SSLv2 (CVE-2016-0704) Please note that CVE-2016-0703, CVE-2016-0704 and CVE-2016-0800 exploit SSLv2. By default UCS 3.2 univention-apache disables SSLv2 (Bug 36173#c5, UCS 3.2 erratum 225) as well as export-grade ciphers (Bug 38632, UCS 3.2 erratum 345). An univention-mail-postfix configuration disabling SSLv2 is available in errata 4.0-1 (Bug 38044). Created attachment 7509 [details]
CVE-2016-0800.patch
Created attachment 7510 [details]
CVE-2016-0798.patch
Created attachment 7511 [details]
CVE-2016-0797.patch
Created attachment 7512 [details]
CVE-2016-0799.patch
Created attachment 7513 [details]
CVE-2016-0702.patch
I imported the latest squeeze-lts version and added patches for CVE-2016-0797 CVE-2016-0799 and CVE-2016-0800. The first two are from the wheezy package and the last one is taken from https://git.openssl.org/?p=openssl.git;a=commitdiff;h=56f1acf5ef8a432992497a04792ff4b3b2c6f286 . I compared the patch to what CentOS and RHEL6 did. Backporting CVE-2016-0702 is too hard (non-applicable assembler patches) and CVE-2016-0703 as well as CVE-2016-0704 should be mitigated by the patch for CVE-2016-0800. This also matches the response of CentOS / RHEL. Advisory: openssl.yaml amd64/i396
OK - built with patches (CVE-2015-3195, CVE-2015-3197, CVE-2016-0797,
CVE-2016-0799, CVE-2016-0800)
OK - ucs-test-base
OK - ucs-test-apache (from 4.1)
OK - openssl s_client -connect 443 636 993
OK - ldapsearch -ZZZ
OK - certificate creation
OK - openssl cert verify (openssl verify -CAfile
/etc/univention/ssl/ucsCA/CAcert.pem
/etc/univention/ssl/master/cert.pem )
OK - ssl2 disabled (openssl s_client -connect hostname:443 -ssl2)
OK - imap/smtp with tls (univention-mail-horde, horde login, horde mail)
OK - libssl-dev
OK - YAML
|