Bug 42486 - openssl: multiple issues (4.1)
openssl: multiple issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-3-errata
Assigned To: Arvid Requate
Philipp Hahn
https://www.openssl.org/blog/blog/201...
:
Depends on: 41197
Blocks: 42487
  Show dependency treegraph
 
Reported: 2016-09-23 13:42 CEST by Felix Botner
Modified: 2017-06-08 13:14 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2016092321000391
Bug group (optional): Security
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2016-09-23 13:42:35 CEST
The new openssl release 1.0.2i fixes these issues:

* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

and

    - Fix CVE-2016-2177
    - Fix CVE-2016-2178
    - Fix CVE-2016-2179
    - Fix CVE-2016-2180
    - Fix CVE-2016-2181
    - Fix CVE-2016-2182
    - Fix CVE-2016-2183
    - Fix CVE-2016-6302
    - Fix CVE-2016-6303
    - Fix CVE-2016-6306
    - Fixes CVE-2016-2107
    - Fixes CVE-2016-2105
    - Fixes CVE-2016-2106
    - Fixes CVE-2016-2109
    - Fixes CVE-2016-2176

  * Fix CVE-2016-0797
  * Fix CVE-2016-0798
  * Fix CVE-2016-0799
  * Fix CVE-2016-0702
  * Fix CVE-2016-0705
  * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
    makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
    too.

    - Fixes CVE-2016-0701
    - Fix CVE-2015-3193
    - Fix CVE-2015-3194
    - Fix CVE-2015-3195
    - Fix CVE-2015-3196
Comment 1 Arvid Requate univentionstaff 2016-09-29 16:41:02 CEST
We need the 1.0.2j version, the 1.0.2i introduced a regression:

https://www.openssl.org/news/secadv/20160926.txt
Comment 2 Arvid Requate univentionstaff 2016-09-29 17:32:24 CEST
Bug 40187 already fixed these:

     02_CVE-2015-3193
     03_CVE-2015-3194
     04_CVE-2015-3195

     06_CVE-2016-0702
     07_CVE-2016-0705
     08_CVE-2016-0797
     09_CVE-2016-0798
     10_CVE-2016-0799
     11_CVE-2016-0800
Comment 3 Arvid Requate univentionstaff 2016-09-29 21:01:39 CEST
Bug 41197 already fixed these:

    - Fixes CVE-2016-2107
    - Fixes CVE-2016-2105
    - Fixes CVE-2016-2106
    - Fixes CVE-2016-2109
Comment 4 Arvid Requate univentionstaff 2016-09-29 21:13:24 CEST
Bug 40187 also fixed: 05_CVE-2016-0701.patch

Not affected by CVE-2015-3196 (fixed in 1.0.2d-1).
Comment 5 Arvid Requate univentionstaff 2016-09-29 21:53:14 CEST
I backported the corresponding commits from the source git repository, plus some additional upstream commits that made clean patch application possible. All modifications are mentioned in the advisory (openssl.yaml).

There are a couple of additional memory leak patches upstream. Maybe it makes more sense to apply the full git diff OpenSSL_1_0_2d..OpenSSL_1_0_2j at some point? Anyway, handing over for QA.
Comment 6 Stefan Gohmann univentionstaff 2016-10-07 06:08:57 CEST
Please have a look at the test case 23_apache/22_ssl-order:

http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-3/job/AutotestJoin/77/SambaVersion=s3,Systemrolle=master/testReport/23_apache/22_ssl-order/test/

[2016-10-06 20:29:24.909898] Create apache2/ssl/honorcipherorder
[2016-10-06 20:29:25.082959] File: /etc/apache2/mods-available/ssl.conf
(2016-10-06 20:29:25.345772) Syntax OK
[2016-10-06 20:29:26.020505]     Cipher    : ECDHE-RSA-AES256-GCM-SHA384
[2016-10-06 20:29:26.066782] Setting apache2/ssl/honorcipherorder
[2016-10-06 20:29:26.245571] File: /etc/apache2/mods-available/ssl.conf
(2016-10-06 20:29:26.506777) Syntax OK
(2016-10-06 20:29:27.020121) error 2016-10-06 20:29:27	 no=PSK-3DES-EDE-CBC-SHA
(2016-10-06 20:29:27.025113) error 2016-10-06 20:29:27	 **************** Test failed above this line (1) ****************
[2016-10-06 20:29:27.066837] Unsetting apache2/ssl/honorcipherorder
[2016-10-06 20:29:27.066917] Unsetting apache2/ssl/honorcipherorder
[2016-10-06 20:29:27.234218] File: /etc/apache2/mods-available/ssl.conf
Comment 7 Arvid Requate univentionstaff 2016-10-10 22:57:24 CEST
One of the CVE-2016-2183*.quilt patches causes this, I'm still trying to understand why the server (apache2) doesn't select the 3DES cipher here that the client lists first. The CVE-2016-2183 patch is supposed to degrade all ciphers using 3DES from HIGH to MEDIUM, but that shouldn't apache2 cause to drop them, because the default for apache2/ssl/ciphersuite is HIGH:MEDIUM:!aNULL:!MD5:!RC4.
Comment 8 Arvid Requate univentionstaff 2016-10-11 10:27:06 CEST
It's something about the ordering of "PSK-3DES-EDE-CBC-SHA:DES-CBC3-SHA", the server prefers DES-CBC3-SHA for some reason over the first.


I disabled the patches for CVE-2016-2183 since they don't raise the security baseline of UCS. Customers worried about this issue can disable 3DES explicitely, e.g. for apache2:

apache2/ssl/ciphersuite='HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES'

Advisory adjusted.
Comment 9 Philipp Hahn univentionstaff 2016-10-17 11:37:36 CEST
OK: 23_apache/22_ssl-order
OK: aptitude install '?source-package(openssl)~i'
OK: apt-get install libssl-dev
OK: zless /usr/share/doc/openssl/changelog.Debian.gz
OK: openssl s_client -connect localhost:636 # 443
OK: openssl s_client -connect localhost:443 -ssl3
OK: ldapsearch -ZZZ -x -D `ucr get ldap/hostdn` -y /etc/machine.secret dn
OK: univention-certificate new -name test -days 1
OK: univention-certificate check -name test
OK: univention-certificate dump -name test
OK: univention-certificate list
OK: openssl x509 -noout -text -in /etc/univention/ssl/ucsCA/CAcert.pem
OK: mutt -f imaps://Administrator@$(dnsdomainname)@$(hostname -f)/
OK: w3m https://$(hostname -f)/ucs-overview/
OK: lynx https://$(hostname -f)/ucs-overview/
OK: curl -k https://$(hostname -f)/ucs-overview/

OK: errata-announce -V --only openssl.yaml
OK: openssl.yaml

Fixes:
OK: CVE-2016-2177
OK: CVE-2016-2178
OK: CVE-2016-2179
OK: CVE-2016-2180
OK: CVE-2016-2181
OK: CVE-2016-2182
OK: CVE-2016-6302
OK: CVE-2016-6303
OK: CVE-2016-6304
OK: CVE-2016-6306
OK: CVE-2016-7052

Unfixed:
OK: CVE-2016-2183 DISABLED
???: CVE-2015-7575 <https://security-tracker.debian.org/tracker/CVE-2015-7575> <https://git.openssl.org/?p=openssl.git;a=commitdiff;h=5e1ff664f95ab4c9176b3e86b5111e5777bad61a> 

Already fixed:
OK: CVE-2016-2107,CVE-2016-2105,CVE-2016-2106,CVE-2016-2109
OK: CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0702,CVE-2016-0705
OK: CVE-2016-0800,CVE-2016-0701
OK: CVE-2016-0701,CVE-2015-3193,CVE-2015-3194,CVE-2015-3195

Not affected:
OK: CVE-2015-3196
OK: CVE-2016-2176 <https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8>
Comment 10 Janek Walkenhorst univentionstaff 2016-10-20 12:40:44 CEST
<http://errata.software-univention.de/ucs/4.1/295.html>