| Summary: | libtomcrypt new security issue CVE-2016-6129 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | geiger.david68210, herman.viaene, lewyssmith, marja11, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/699804/ | ||
| Whiteboard: | MGA5-32-OK advisory MGA5-64-OK | ||
| Source RPM: | libtomcrypt-1.17-9.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2016-09-07 19:50:24 CEST
David Walser
2016-09-07 19:50:34 CEST
Whiteboard:
(none) =>
MGA5TOO Assigning to maintainer. CC:
(none) =>
marja11 Fixed for both mga5 and cauldron! CC:
(none) =>
geiger.david68210 Thanks David! libtomcrypt is used by dropbear, which can be used for testing. Advisory: ======================== Updated libtomcrypt packages fix security vulnerability: It was discovered that the implementation of RSA signature verification in libtomcrypt is vulnerable to the Bleichenbacher signature attack. If an RSA key with exponent 3 is used it may be possible to forge a PKCS#1 v1.5 signature signed by that key (CVE-2016-6129). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6129 http://lwn.net/Alerts/699791/ ======================== Updated packages in core/updates_testing: ======================== libtomcrypt0-1.17-7.1.mga5 libtomcrypt-devel-1.17-7.1.mga5 from libtomcrypt-1.17-7.1.mga5.src.rpm Version:
Cauldron =>
5 MGA55-32 on Acer D620 Xfce
No installation issues
Used at cli:
$ strace -o dropbear.txt dbclient <user>@<host>
to connect to other MGA5 desktop
Got connected and could display the contents of the users home with "ls"
found in trace:
open("/lib/libtomcrypt.so.0", O_RDONLY|O_CLOEXEC) = 3
So OK for meCC:
(none) =>
herman.viaene Advisory uploaded. CC:
(none) =>
lewyssmith Testing M5 x64 real hardware.
Installed the pre-pdate 'libtomcrypt0', which pulled in a couple of other pkgs. Played with it on my single box to see what would happen.
As normal user in a terminal:
$ dbclient normal_user@localhost
First usage said 'localhost' was not in the permitted host list, but continue anyway? Did so, it asked for the user login, and that worked. Not sure whether to exit or logout, both worked.
$ dbclient root@localhost
Asked for but refused (asked 5 times) the relevant password, then aborted:
dbclient: Connection to root@localhost:22 exited: Disconnect received
As root in a terminal:
# dbclient normal_user@localhost
asked again about 'localhost' not in its list, but continued when asked to. Then asked for the user password, and that logged in and functioned OK.
UPDATEd to: lib64tomcrypt0-1.17-7.1.mga5
$ strace -o dropbear.txt dbclient root@localhost
Refused & aborted as previously. No strace file.
# strace -o tmp/dropbear.txt dbclient lewis@localhost
lewis@localhost's password:
Last login: Sun Nov 6 11:53:27 2016 from localhost.localdomain
$ logout
The strace file contained:
open("/lib64/libtomcrypt.so.0", O_RDONLY|O_CLOEXEC) = 3
Unsure of the significance of all this, but following Herman: OK.
Validating.Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0369.html Status:
NEW =>
RESOLVED |