Bug 19501

Summary: ruby new security issue CVE-2016-7798
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia, pterjan, sysadmin-bugs, tarazed25
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/703466/
Whiteboard: has_procedure MGA5-64-OK advisory MGA5-32-OK
Source RPM: ruby-2.2.5-14.mga6.src.rpm CVE:
Status comment:
Attachments: updated test_cipher.rb verifying the fix
self contained test_cipher.rb verifying the fix
updated self contained test_cipher.rb verifying the fix

Description David Walser 2016-10-01 16:25:24 CEST 
A CVE has been assigned for a security issue fixed upstream in ruby-openssl:
http://openwall.com/lists/oss-security/2016/10/01/2

ruby-openssl is bundled in the ruby package.  The commit to fix the issue is linked in the message above.  I took a quick look and it appears that the patch would need significant work to rediff for the version we have.

I also noticed that ruby-net-ssh and jruby have an openssl.rb which may also contain the affected code.
David Walser 2016-10-01 16:25:36 CEST

Whiteboard: (none) => MGA5TOO

Pascal Terjan 2016-10-03 22:25:01 CEST

Status: NEW => ASSIGNED

Comment 1 Pascal Terjan 2016-10-03 23:04:50 CEST 
ruby-2.0.0.p648-1.1.mga5 is available in updates_testing, I'll look at the rest and provide testing instructions.
Comment 2 Pascal Terjan 2016-10-03 23:13:21 CEST 
Created attachment 8486 [details]
updated test_cipher.rb verifying the fix

Validation is done by running the new test_cipher.rb which I am attaching here for convenience.
With the old ruby it reports 2 errors, while it passes with the new one.
As it gets run during build, I am not sure there is more to verify.
Comment 3 Pascal Terjan 2016-10-03 23:24:50 CEST 
ruby-net-ssh's openssl.rb loads the shared openssl.rb from ruby package.

jruby's openssl.rb loads a java implementation (jopenssl.jar) which is unlikely to have a similar bug.
Comment 4 Pascal Terjan 2016-10-09 01:53:16 CEST 
To verify the fix, run the attached test_cipher.rb (ruby test_cipher.rb). Without the fix you should get 2 failures, with the fix you should get all tests passing.

Suggested advisory:
========================

Updated ruby packages fix a security vulnerability:

A bug in openssl module caused using an all 0 IV for AES-GCM ciphers in some cases (when setting a key, an iv, and then setting a key a again (CVE-2016-7798).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
https://github.com/ruby/openssl/issues/49
========================

Updated packages in core/updates_testing:
========================
lib(64)ruby2.0-2.0.0.p648-1.1.mga5
ruby-2.0.0.p648-1.1.mga5
ruby-devel-2.0.0.p648-1.1.mga5
ruby-doc-2.0.0.p648-1.1.mga5
ruby-irb-2.0.0.p648-1.1.mga5
ruby-tk-2.0.0.p648-1.1.mga5

Source RPMs: 
ruby-2.0.0.p648-1.1.mga5.src.rpm
Comment 5 Pascal Terjan 2016-10-09 01:53:57 CEST 
Created attachment 8509 [details]
self contained test_cipher.rb verifying the fix

Attachment 8486 is obsolete: 0 => 1

Pascal Terjan 2016-10-09 01:56:17 CEST

Assignee: pterjan => qa-bugs

Comment 6 Nicolas Lécureuil 2016-10-09 09:54:18 CEST 
test for mga5-64:

test w/o the fix:
17 tests, 237 assertions, 2 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
88.2353% passed

test w the fix: 


$ ruby test_cipher.rb 
Loaded suite test_cipher
Started
............F
===============================================================================
Failure:
test_empty_data(OpenSSL::TestCipher)
test_cipher.rb:824:in `test_empty_data'
     821: 
     822:   def test_empty_data
     823:     @c1.encrypt
  => 824:     assert_raise(ArgumentError){ @c1.update("") }
     825:   end
     826: 
     827:   def test_initialize

<ArgumentError> expected but was
<OpenSSL::Cipher::CipherError(<key not set>)>

diff:
? Argument                  Error               
? Op     SSL::Cipher::Cipher     (<key not set>)
===============================================================================
....

Finished in 0.038256731 seconds.

17 tests, 238 assertions, 1 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
94.1176% passed

444.37 tests/s, 6221.13 assertions/s

CC: (none) => mageia

Comment 7 Nicolas Lécureuil 2016-10-09 09:55:10 CEST 
test w/o  the fix:

$ ruby test_cipher.rb                                                                                                                  
Loaded suite test_cipher                                                                                                                                     
Started
..F
===============================================================================
Failure:
test_aes_gcm_key_iv_order_issue(OpenSSL::TestCipher)
test_cipher.rb:991:in `test_aes_gcm_key_iv_order_issue'
     988:       ct2 = cipher.update(pt) << cipher.final
     989:       tag2 = cipher.auth_tag
     990: 
  => 991:       assert_equal ct1, ct2
     992:       assert_equal tag1, tag2
     993:     end if has_cipher?("aes-128-gcm")
     994:   end
<"$\xF8\x17\xCC\xF6\x04\x15\x02^\xBCb\xC4Q*\x0E\xCF\x1E\xA1P\b\xD1\x9C\xF5\xD5\x8A%\xF2\x16I\x11\xC7\v\x9F\xCE\xC1\xA5$\x0F\"W3\xFC\xDA\xE0"> expected but was
<"\xE0{\xD8\xB9\x90\xFB\fL\e\xE2\v\xA2\xDCd\xECkOA\x18l\xFE\xBF\x0Es \xC6\x960w\xF0\xB8H\xFD\x03.ELR\x9C\xE8\x9A\xEA\xF7\xD6">

diff:
? $���^�b�Q*        ���         ��Õ%�I�
                                       ���$"W3���
? �{ع��
       L
        ��d�kOAâl�� s Æ0w��H�.ELR �����                 
===============================================================================
.............F
===============================================================================
Failure: <OpenSSL::Cipher::CipherError> exception expected but none was thrown.
test_update_raise_if_key_not_set(OpenSSL::TestCipher)
test_cipher.rb:873:in `test_update_raise_if_key_not_set'
     870:     end
     871: 
     872:     def test_update_raise_if_key_not_set
  => 873:       assert_raise(OpenSSL::Cipher::CipherError) do
     874:         # it caused OpenSSL SEGV by uninitialized key [Bug #2768]
     875:         OpenSSL::Cipher::AES128.new("ECB").update "." * 17
     876:       end
===============================================================================


Finished in 0.05533721 seconds.

17 tests, 237 assertions, 2 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
88.2353% passed

307.21 tests/s, 4282.83 assertions/s
Nicolas Lécureuil 2016-10-09 10:36:29 CEST

Version: Cauldron => 5

Nicolas Lécureuil 2016-10-09 11:18:03 CEST

Whiteboard: MGA5TOO => MGA5TOO has_procedure

Comment 8 Len Lawrence 2016-10-09 11:25:05 CEST 
Confirmed the one failure after the update on x86_64.

CC: (none) => tarazed25

Comment 9 Pascal Terjan 2016-10-09 11:35:57 CEST 
Sorry about that, this failure makes sense as it now detects there is no key before even noticing there is no data so it shows the fix is working and the test should be updated to set a key.

I wonder why it did not happen during the build :(

CC: (none) => pterjan

Comment 10 Pascal Terjan 2016-10-09 11:44:12 CEST 
Hmm it seems running "make check" runs much more tests (about 16 thousand more) than "make test" called in the package and finds a few more broken ones due to other patches (18 failures in total, mostly about gems)...

Assignee: qa-bugs => pterjan

David Walser 2016-10-09 19:42:37 CEST

Whiteboard: MGA5TOO has_procedure => has_procedure

Comment 11 Pascal Terjan 2016-10-10 01:13:34 CEST 
Created attachment 8511 [details]
updated self contained test_cipher.rb verifying the fix

Attachment 8509 is obsolete: 0 => 1

Comment 12 Pascal Terjan 2016-10-10 01:14:20 CEST 
I updated the test, but now working on cauldron package to make sure we run all tests at build time and fix some of them.
Comment 13 Nicolas Lécureuil 2016-10-10 09:45:33 CEST 
with current ruby:

$ ruby test_cipher.rb
Loaded suite test_cipher
Started
..F
===============================================================================
Failure:
test_aes_gcm_key_iv_order_issue(OpenSSL::TestCipher)
test_cipher.rb:992:in `test_aes_gcm_key_iv_order_issue'
     989:       ct2 = cipher.update(pt) << cipher.final
     990:       tag2 = cipher.auth_tag
     991: 
  => 992:       assert_equal ct1, ct2
     993:       assert_equal tag1, tag2
     994:     end if has_cipher?("aes-128-gcm")
     995:   end
<"$\xF8\x17\xCC\xF6\x04\x15\x02^\xBCb\xC4Q*\x0E\xCF\x1E\xA1P\b\xD1\x9C\xF5\xD5\x8A%\xF2\x16I\x11\xC7\v\x9F\xCE\xC1\xA5$\x0F\"W3\xFC\xDA\xE0"> expected but was
<"\xE0{\xD8\xB9\x90\xFB\fL\e\xE2\v\xA2\xDCd\xECkOA\x18l\xFE\xBF\x0Es \xC6\x960w\xF0\xB8H\xFD\x03.ELR\x9C\xE8\x9A\xEA\xF7\xD6">

diff:
? $���^�b�Q*        ���         ��Õ%�I�
                                       ���$"W3���
? �{ع��
       L
        ��d�kOAâl�� s Æ0w��H�.ELR �����                 
===============================================================================
.............F
===============================================================================
Failure: <OpenSSL::Cipher::CipherError> exception expected but none was thrown.
test_update_raise_if_key_not_set(OpenSSL::TestCipher)
test_cipher.rb:874:in `test_update_raise_if_key_not_set'
     871:     end
     872: 
     873:     def test_update_raise_if_key_not_set
  => 874:       assert_raise(OpenSSL::Cipher::CipherError) do
     875:         # it caused OpenSSL SEGV by uninitialized key [Bug #2768]
     876:         OpenSSL::Cipher::AES128.new("ECB").update "." * 17
     877:       end
===============================================================================


Finished in 0.039533178 seconds.

17 tests, 237 assertions, 2 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
88.2353% passed

430.02 tests/s, 5994.96 assertions/s

with fixed ruby:


$ ruby test_cipher.rb
Loaded suite test_cipher
Started
.................

Finished in 0.034317457 seconds.

17 tests, 238 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
100% passed

495.37 tests/s, 6935.25 assertions/s



update ok for me on x86_64

Whiteboard: has_procedure => has_procedure MGA5-64-OK

Nicolas Lécureuil 2016-10-10 09:47:27 CEST

Assignee: pterjan => qa-bugs

Nicolas Lécureuil 2016-10-12 11:10:49 CEST

Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK advisory

Comment 14 Len Lawrence 2016-10-12 18:51:56 CEST 
Tested this on i586 in virtualbox.

2 failures before the update, none afterwards.
$ ruby test_cipher.rb
Loaded suite test_cipher
Started
.................

Finished in 0.017511517 seconds.
------
17 tests, 238 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
100% passed
------
970.79 tests/s, 13591.06 assertions/s
Len Lawrence 2016-10-12 18:52:15 CEST

Whiteboard: has_procedure MGA5-64-OK advisory => has_procedure MGA5-64-OK advisory MGA5-32-OK

Len Lawrence 2016-10-12 18:52:43 CEST

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 15 Mageia Robot 2016-10-13 09:21:37 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0342.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

David Walser 2016-10-13 19:57:33 CEST

URL: (none) => http://lwn.net/Vulnerabilities/703466/