Univention Bugzilla – Bug 42486
openssl: multiple issues (4.1)
Last modified: 2017-06-08 13:14:48 CEST
The new openssl release 1.0.2i fixes these issues: * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) and - Fix CVE-2016-2177 - Fix CVE-2016-2178 - Fix CVE-2016-2179 - Fix CVE-2016-2180 - Fix CVE-2016-2181 - Fix CVE-2016-2182 - Fix CVE-2016-2183 - Fix CVE-2016-6302 - Fix CVE-2016-6303 - Fix CVE-2016-6306 - Fixes CVE-2016-2107 - Fixes CVE-2016-2105 - Fixes CVE-2016-2106 - Fixes CVE-2016-2109 - Fixes CVE-2016-2176 * Fix CVE-2016-0797 * Fix CVE-2016-0798 * Fix CVE-2016-0799 * Fix CVE-2016-0702 * Fix CVE-2016-0705 * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800) makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them too. - Fixes CVE-2016-0701 - Fix CVE-2015-3193 - Fix CVE-2015-3194 - Fix CVE-2015-3195 - Fix CVE-2015-3196
We need the 1.0.2j version, the 1.0.2i introduced a regression: https://www.openssl.org/news/secadv/20160926.txt
Bug 40187 already fixed these: 02_CVE-2015-3193 03_CVE-2015-3194 04_CVE-2015-3195 06_CVE-2016-0702 07_CVE-2016-0705 08_CVE-2016-0797 09_CVE-2016-0798 10_CVE-2016-0799 11_CVE-2016-0800
Bug 41197 already fixed these: - Fixes CVE-2016-2107 - Fixes CVE-2016-2105 - Fixes CVE-2016-2106 - Fixes CVE-2016-2109
Bug 40187 also fixed: 05_CVE-2016-0701.patch Not affected by CVE-2015-3196 (fixed in 1.0.2d-1).
I backported the corresponding commits from the source git repository, plus some additional upstream commits that made clean patch application possible. All modifications are mentioned in the advisory (openssl.yaml). There are a couple of additional memory leak patches upstream. Maybe it makes more sense to apply the full git diff OpenSSL_1_0_2d..OpenSSL_1_0_2j at some point? Anyway, handing over for QA.
Please have a look at the test case 23_apache/22_ssl-order: http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-3/job/AutotestJoin/77/SambaVersion=s3,Systemrolle=master/testReport/23_apache/22_ssl-order/test/ [2016-10-06 20:29:24.909898] Create apache2/ssl/honorcipherorder [2016-10-06 20:29:25.082959] File: /etc/apache2/mods-available/ssl.conf (2016-10-06 20:29:25.345772) Syntax OK [2016-10-06 20:29:26.020505] Cipher : ECDHE-RSA-AES256-GCM-SHA384 [2016-10-06 20:29:26.066782] Setting apache2/ssl/honorcipherorder [2016-10-06 20:29:26.245571] File: /etc/apache2/mods-available/ssl.conf (2016-10-06 20:29:26.506777) Syntax OK (2016-10-06 20:29:27.020121) error 2016-10-06 20:29:27 no=PSK-3DES-EDE-CBC-SHA (2016-10-06 20:29:27.025113) error 2016-10-06 20:29:27 **************** Test failed above this line (1) **************** [2016-10-06 20:29:27.066837] Unsetting apache2/ssl/honorcipherorder [2016-10-06 20:29:27.066917] Unsetting apache2/ssl/honorcipherorder [2016-10-06 20:29:27.234218] File: /etc/apache2/mods-available/ssl.conf
One of the CVE-2016-2183*.quilt patches causes this, I'm still trying to understand why the server (apache2) doesn't select the 3DES cipher here that the client lists first. The CVE-2016-2183 patch is supposed to degrade all ciphers using 3DES from HIGH to MEDIUM, but that shouldn't apache2 cause to drop them, because the default for apache2/ssl/ciphersuite is HIGH:MEDIUM:!aNULL:!MD5:!RC4.
It's something about the ordering of "PSK-3DES-EDE-CBC-SHA:DES-CBC3-SHA", the server prefers DES-CBC3-SHA for some reason over the first. I disabled the patches for CVE-2016-2183 since they don't raise the security baseline of UCS. Customers worried about this issue can disable 3DES explicitely, e.g. for apache2: apache2/ssl/ciphersuite='HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES' Advisory adjusted.
OK: 23_apache/22_ssl-order OK: aptitude install '?source-package(openssl)~i' OK: apt-get install libssl-dev OK: zless /usr/share/doc/openssl/changelog.Debian.gz OK: openssl s_client -connect localhost:636 # 443 OK: openssl s_client -connect localhost:443 -ssl3 OK: ldapsearch -ZZZ -x -D `ucr get ldap/hostdn` -y /etc/machine.secret dn OK: univention-certificate new -name test -days 1 OK: univention-certificate check -name test OK: univention-certificate dump -name test OK: univention-certificate list OK: openssl x509 -noout -text -in /etc/univention/ssl/ucsCA/CAcert.pem OK: mutt -f imaps://Administrator@$(dnsdomainname)@$(hostname -f)/ OK: w3m https://$(hostname -f)/ucs-overview/ OK: lynx https://$(hostname -f)/ucs-overview/ OK: curl -k https://$(hostname -f)/ucs-overview/ OK: errata-announce -V --only openssl.yaml OK: openssl.yaml Fixes: OK: CVE-2016-2177 OK: CVE-2016-2178 OK: CVE-2016-2179 OK: CVE-2016-2180 OK: CVE-2016-2181 OK: CVE-2016-2182 OK: CVE-2016-6302 OK: CVE-2016-6303 OK: CVE-2016-6304 OK: CVE-2016-6306 OK: CVE-2016-7052 Unfixed: OK: CVE-2016-2183 DISABLED ???: CVE-2015-7575 <https://security-tracker.debian.org/tracker/CVE-2015-7575> <https://git.openssl.org/?p=openssl.git;a=commitdiff;h=5e1ff664f95ab4c9176b3e86b5111e5777bad61a> Already fixed: OK: CVE-2016-2107,CVE-2016-2105,CVE-2016-2106,CVE-2016-2109 OK: CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0702,CVE-2016-0705 OK: CVE-2016-0800,CVE-2016-0701 OK: CVE-2016-0701,CVE-2015-3193,CVE-2015-3194,CVE-2015-3195 Not affected: OK: CVE-2015-3196 OK: CVE-2016-2176 <https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8>
<http://errata.software-univention.de/ucs/4.1/295.html>