| Summary: | botan new security issue CVE-2016-9132 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | herman.viaene, lewyssmith, mageia, mageia, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://lwn.net/Vulnerabilities/710084/ | ||
| Whiteboard: | MGA5-32-OK advisory MGA5-64-OK | ||
| Source RPM: | botan-1.10.12-3.mga6.src.rpm | CVE: | CVE-2016-9132 |
| Status comment: | |||
| Bug Depends on: | 21528 | ||
| Bug Blocks: | |||
Description
David Walser
2016-12-23 17:40:05 CET
David Walser
2016-12-23 17:40:22 CET
Whiteboard: (none) => MGA5TOO
David Walser
2016-12-23 21:04:16 CET
URL: (none) => https://lwn.net/Vulnerabilities/710084/
Nicolas Lécureuil
2017-04-25 08:34:08 CEST
CVE: (none) => CVE-2016-9132
David Walser
2017-08-14 01:10:45 CEST
Depends on: (none) => 21528

closing, all is fixed in bug #21528

*** This bug has been marked as a duplicate of bug 21528 ***

Status: NEW => RESOLVED

Let's use this bug for the Mageia 5 update.

botan-1.10.14-1.mga5
botan-devel-1.10.14-1.mga5
botan-doc-1.10.14-1.mga5
python2-botan-1.10.14-1.mga5

from botan-1.10.14-1.mga5.src.rpm

Status: RESOLVED => REOPENED

Testing ideas in Bug 17737.

Advisory:

========================

Updated botan packages fix security vulnerabilities:

While decoding BER length fields, an integer overflow could occur. This could occur while parsing untrusted inputs such as X.509 certificates. The overflow does not seem to lead to any obviously exploitable condition, but exploitation cannot be positively ruled out. Only 32-bit platforms are likely affected; to cause an overflow on 64-bit the parsed data would have to be many gigabytes (CVE-2016-9132).

Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate (CVE-2017-2801).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2801
https://botan.randombit.net/security.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z2Y3JLMTE3VIV4X5X6SXVZTJBDDLCS3D/
https://www.debian.org/security/2017/dsa-3939

========================

Updated packages in core/updates_testing:

========================

botan-1.10.14-1.mga5
botan-devel-1.10.14-1.mga5
botan-doc-1.10.14-1.mga5
python2-botan-1.10.14-1.mga5

from botan-1.10.14-1.mga5.src.rpm

Assignee: shlomif => qa-bugs

MGA5-32 on Asus A6000VM Xfce

No installation issues.

Ref bug 17737 for testing, first installed monotone. Then taking from http://www.monotone.ca/docs/Tutorial.html#Tutorial

at CLI:

    $ mtn db init --db=~/tester5.mtn

checked file created, in my home directory, then

    $ strace -o botan.txt mtn genkey tester5@mageia.test.test
    enter passphrase for key ID [tester5@mageia.test.test] (...):
    confirm passphrase for key ID [tester5@mageia.test.test] (...):
    mtn: generating key-pair 'tester5@mageia.test.test'
    mtn: storing key-pair tester5@mageia.test.test in '/home/tester5/.monotone/keys/'
    mtn: storing public key tester5@mageia.test.test in ''
    mtn: key 'tester5@mageia.test.test' has hash 'ca05331471a1c0eaea92c4476ce8470a55802743'

checked in trace file call on libbotan: OK

According to Claire's recommendation in bug 17737 this should be OK for testing.

Whiteboard: (none) => MGA5-32-OK
Lewis Smith
2017-08-28 21:57:40 CEST
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory

Installed and tested without issues.

Did the same test as in Comment 4. The test used monotone to generate an RSA key.

Also tested using softhsm. The PKCS8 PEM key file was generated with openssl.

System: Mageia 5, x86_64, Plasma, Intel CPU, nVidia GPU using proprietary driver nvidia340.

    $ uname -a
    Linux marte 4.4.82-desktop-1.mga5 #1 SMP Sun Aug 13 18:03:58 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
    $ mtn db init --db=~/tmp/test.mtn
    $ ls tmp/test.mtn
    tmp/test.mtn
    $ strace -o ~/tmp/botan.strace mtn genkey test-key
    enter passphrase for key ID [test-key] (...):
    confirm passphrase for key ID [test-key] (...):
    mtn: generating key-pair 'test-key'
    mtn: storing key-pair test-key in '/home/pclx/.monotone/keys/'
    mtn: storing public key test-key in ''
    mtn: key 'test-key' has hash 'cb41c7b438bc96a3bd99c20ed4879f36101d2365'
    $ ls .monotone/keys/
    test-key.cb41c7b438bc96a3bd99c20ed4879f36101d2365
    $ grep botan tmp/botan.strace
    open("/lib64/libbotan-1.10.so.1", O_RDONLY|O_CLOEXEC) = 3
    $ rpm -qf /lib64/libbotan-1.10.so.1
    botan-1.10.14-1.mga5
    $
    $ #################################
    $ # Now for the test using softhsm.
    $ #################################
    $
    $ openssl genrsa -out ~/tmp/key.pri
    Generating RSA private key, 2048 bit long modulus
    ................+++
    ....+++
    e is 65537 (0x10001)
    $ openssl pkcs8 -in ~/tmp/key.pri -nocrypt -topk8 > ~/tmp/key.pem
    $ strace -o ~/tmp/botan.strace softhsm --init-token --slot 0 --label "slot 0" --pin 1234 --so-pin 1234
    The token has been initialized.
    $ strace -o ~/tmp/botan.strace softhsm --show-slots
    Available slots:
    Slot 0
    Token present: yes
    Token initialized: yes
    User PIN initialized: yes
    Token label: slot 0
    $ strace -o ~/tmp/botan.strace softhsm --import ~/tmp/key.pem --slot 0 --label "test 0" --id 0000 --pin 1234
    The key pair has been imported to the token in slot 0.
    $ grep botan tmp/botan.strace
    open("/lib64/libbotan-1.10.so.1", O_RDONLY|O_CLOEXEC) = 3

CC: (none) => mageia
Lewis Smith
2017-08-30 08:28:26 CEST
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0321.html

Status: REOPENED => RESOLVED
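
The class of integer overflow the advisory text above describes for BER length fields (CVE-2016-9132), and why it is tied to 32-bit platforms, shown as a small definite-form length decoder with the unchecked and checked bounds tests side by side. This is an added example, not Botan's code or its fix; `sz32`, `ber_read_length`, `naive_in_bounds` and `ber_tlv_span` are hypothetical names, `sz32` is an assumed 32-bit stand-in for `size_t`, and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: sz32 models size_t on a 32-bit platform, so the wrap shows on any host. */
typedef uint32_t sz32;
typedef enum { BER_OK, BER_TRUNCATED, BER_UNSUPPORTED, BER_OVERFLOW, BER_OUT_OF_BOUNDS } ber_status;

/* Decode a definite-form BER length starting at buf[*pos]; advances *pos past it. */
static ber_status ber_read_length(const uint8_t *buf, sz32 buf_len, sz32 *pos, sz32 *out)
{
    if (*pos >= buf_len) return BER_TRUNCATED;
    uint8_t first = buf[(*pos)++];
    if ((first & 0x80) == 0) { *out = first; return BER_OK; }  /* short form */
    uint8_t n = first & 0x7F;                        /* count of length octets */
    if (n == 0 || n == 0x7F) return BER_UNSUPPORTED; /* indefinite / reserved */
    if (n > buf_len - *pos) return BER_TRUNCATED;
    sz32 len = 0;
    for (uint8_t i = 0; i < n; i++) {
        if (len > (UINT32_MAX >> 8)) return BER_OVERFLOW; /* shift would drop bits */
        len = (len << 8) | buf[(*pos)++];
    }
    *out = len;
    return BER_OK;
}

/* Unchecked pattern: pos + len wraps modulo 2^32 and can look in-bounds. */
static int naive_in_bounds(sz32 pos, sz32 len, sz32 buf_len)
{
    return (sz32)(pos + len) <= buf_len;
}

/* Checked pattern (single-octet tag assumed): total encoded TLV size in *total. */
static ber_status ber_tlv_span(const uint8_t *buf, sz32 buf_len, sz32 *total)
{
    sz32 pos = 1, len = 0;
    ber_status st = ber_read_length(buf, buf_len, &pos, &len);
    if (st != BER_OK) return st;
    if (len > buf_len - pos) return BER_OUT_OF_BOUNDS; /* subtraction cannot wrap */
    *total = pos + len;
    return BER_OK;
}

int main(void)
{
    const uint8_t huge[] = { 0x30, 0x84, 0xFF, 0xFF, 0xFF, 0xFE }; /* constructed input */
    sz32 total = 0;
    printf("%d %d\n", naive_in_bounds(6, 0xFFFFFFFEu, 6), (int)ber_tlv_span(huge, 6, &total));
    return 0;
}
```

With a 64-bit `size_t` the same sum only wraps once the declared length approaches 2^64, which matches the advisory's remark that 64-bit platforms would need many gigabytes of parsed data.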