| Summary: | bouncycastle new security issues CVE-2016-100033[89], CVE-2016-100034[0-6], CVE-2016-1000352, CVE-2017-13098, CVE-2018-1000180, CVE-2018-1000613 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | andrewsfarm, brtians1, geiger.david68210, sysadmin-bugs, tmb |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA6-64-OK mga6-32-ok | | |
| Source RPM: | bouncycastle-1.54-1.mga6.src.rpm | CVE: | |
| Status comment: | Fixed upstream in 1.60 plus patch from Fedora | | |
| Bug Depends on: | | | |
| Bug Blocks: | 20660 | | |
| Attachments: | Source Code does Symmetric Encryption/Decryption with bouncycastle | | |
Description

David Walser
2017-12-15 20:54:13 CET

David Walser
2017-12-15 20:54:28 CET
Whiteboard: (none) => MGA6TOO, MGA5TOO

Debian has issued an advisory for this on December 21: https://www.debian.org/security/2017/dsa-4072

We won't be fixing this type of package for Mageia 5.
Whiteboard: MGA6TOO, MGA5TOO => MGA6TOO

David Walser
2018-02-02 18:24:04 CET
Status comment: (none) => Patches available from Debian and upstream

openSUSE has issued an advisory for this today (June 14): https://lists.opensuse.org/opensuse-updates/2018-06/msg00085.html
It also fixes several other issues. The issues are all fixed upstream in 1.59.
Summary: bouncycastle new security issue CVE-2017-13098 => bouncycastle new security issues CVE-2016-100033[89], CVE-2016-100034[0-6], CVE-2016-1000352, CVE-2017-13098

Fedora has issued an advisory today (June 18): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FLX7FYBQSMDXTMJH2V7CQ5YZFM6AOC7C/
It fixes one additional issue (fix backported from 1.60beta4).
Severity: normal => major

Debian has issued an advisory for the new issue on June 22: https://www.debian.org/security/2018/dsa-4233

Ubuntu has issued an advisory for some of these issues on August 1: https://usn.ubuntu.com/3727-1/

openSUSE has issued an advisory on July 28: https://lists.opensuse.org/opensuse-updates/2018-07/msg00089.html
It fixes a new issue that was fixed upstream in 1.60.
Summary: bouncycastle new security issues CVE-2016-100033[89], CVE-2016-100034[0-6], CVE-2016-1000352, CVE-2017-13098, CVE-2018-1000180 => bouncycastle new security issues CVE-2016-100033[89], CVE-2016-100034[0-6], CVE-2016-1000352, CVE-2017-13098, CVE-2018-1000180, CVE-2018-1000613

Fedora has issued an advisory for this on August 30: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DVJFLR42744ESQ5QECN4RJQ3HQYFDOTW/

Done for Cauldron and mga6, updating to the latest 1.60 release!
Note that the mail, pg, pkix and tls modules are now part of the main bouncycastle package.
Thanks David!
Advisory:
========================

Updated bouncycastle packages fix security vulnerabilities:

Ensure full validation of ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of 'invisible' data into a signed structure (CVE-2016-1000338).

Prevent AESEngine key information leak via lookup table accesses (CVE-2016-1000339).

Prevent carry propagation bugs in the implementation of squaring for several raw math classes (CVE-2016-1000340).

Fix DSA signature generation vulnerability to timing attack (CVE-2016-1000341).

DSA signature generation was vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, this may have allowed an attacker to gain information about the signature's k value and ultimately the private value as well (CVE-2016-1000341).

Ensure that ECDSA does fully validate ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of 'invisible' data into a signed structure (CVE-2016-1000342).

Prevent weak default settings for private DSA key pair generation (CVE-2016-1000343).

Removed DHIES from the provider to disable the unsafe usage of ECB mode (CVE-2016-1000344).

The DHIES/ECIES CBC mode was vulnerable to padding oracle attack. In an environment where timings can be easily observed, it was possible with enough observations to identify when the decryption is failing due to padding (CVE-2016-1000345).

The other party DH public key was not fully validated. This could have caused issues as invalid keys could be used to reveal details about the other party's private key where static Diffie-Hellman is in use (CVE-2016-1000346).

Remove ECIES from the provider to disable the unsafe usage of ECB mode (CVE-2016-1000352).

BouncyCastle, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange was negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT" (CVE-2017-13098).

It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle (a Java implementation of cryptographic algorithms) could perform fewer Miller-Rabin primality tests than expected (CVE-2018-1000180).

Fix use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') (CVE-2018-1000613).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613
https://lists.opensuse.org/opensuse-updates/2018-06/msg00085.html
https://www.debian.org/security/2018/dsa-4233
https://lists.opensuse.org/opensuse-updates/2018-07/msg00089.html
========================

Updated packages in core/updates_testing:
========================
bouncycastle-1.60-1.mga6
bouncycastle-javadoc-1.60-1.mga6
bouncycastle-mail-1.60-1.mga6
bouncycastle-pg-1.60-1.mga6
bouncycastle-pkix-1.60-1.mga6
bouncycastle-tls-1.60-1.mga6

from bouncycastle-1.60-1.mga6.src.rpm
Whiteboard: MGA6TOO => (none)
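The 'invisible data' problem the advisory describes for CVE-2016-1000338 and CVE-2016-1000342, as an added Python illustration (not code from this bug report or from Bouncy Castle): a strict DER reader for the SEQUENCE { INTEGER r, INTEGER s } that carries a DSA/ECDSA signature, beside a lax reader that stops after r and s, plus a constructed encoder for test inputs. Function names and sample values are my own.

```python
# Added illustration of CVE-2016-1000338/-1000342 (not Bouncy Castle code): strict vs. lax DER parsing.
def _read_tlv(buf, pos):
    """One DER TLV at buf[pos:] -> (tag, value, next_pos); short-form lengths only (enough for DSA/ECDSA up to P-384)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated element or unsupported long-form length")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if start + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[start:start + length], start + length

def _der_integer(value):
    """Decode a DER INTEGER body: r and s must be positive and minimally encoded."""
    if not value or value[0] & 0x80:
        raise ValueError("empty or negative INTEGER")
    if len(value) > 1 and value[0] == 0 and value[1] < 0x80:
        raise ValueError("non-minimal INTEGER (redundant leading zero)")
    return int.from_bytes(value, "big")

def lax_decode(sig):
    """Reads r and s and stops: anything appended inside the SEQUENCE is silently ignored (the bug)."""
    _, body, _ = _read_tlv(sig, 0)
    _, r, pos = _read_tlv(body, 0)
    _, s, _ = _read_tlv(body, pos)
    return _der_integer(r), _der_integer(s)

def strict_decode(sig):
    """Full validation: one SEQUENCE holding exactly two INTEGERs, with nothing after either."""
    tag, body, end = _read_tlv(sig, 0)
    if tag != 0x30 or end != len(sig):
        raise ValueError("signature is not a single SEQUENCE")
    tag_r, r, pos = _read_tlv(body, 0)
    tag_s, s, pos = _read_tlv(body, pos)
    if tag_r != 0x02 or tag_s != 0x02 or pos != len(body):
        raise ValueError("extra or non-INTEGER element inside the signature SEQUENCE")
    return _der_integer(r), _der_integer(s)

def accepts(decoder, sig):
    """True if decoder returns (r, s) for sig without raising."""
    try:
        return decoder(sig) is not None
    except ValueError:
        return False

def der_sig(r, s, extra=b""):
    """Constructed test input: DER-encoded (r, s), with `extra` bytes appended inside the SEQUENCE."""
    def integer(v):  # one spare byte keeps the sign bit clear; short-form lengths suffice here
        b = v.to_bytes((v.bit_length() + 8) // 8, "big")
        return b"\x02" + bytes([len(b)]) + b
    body = integer(r) + integer(s) + extra
    return b"\x30" + bytes([len(body)]) + body
```

A verifier built on `lax_decode` validates the same (r, s) whether or not an OCTET STRING has been smuggled into the SEQUENCE; `strict_decode` rejects the smuggled element, a trailing byte after the SEQUENCE, and a non-minimal INTEGER.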
Thomas Backlund
2018-09-05 13:31:48 CEST
Keywords: (none) => advisory

Created attachment 10363 [details]
Source Code does Symmetric Encryption/Decryption with bouncycastle

Extract the two files to a location. You'll need to install javac (openjdk dev).
In the directory you pulled the source into, compile with:

```
javac -cp .:/usr/share/java/bcprov.jar bouncySym.java
```

If it compiles, you can run it like this:

```
$ java -cp .:/usr/share/java/bcprov.jar bouncySym "Encrypt Me"
```

CC: (none) => brtians1

```
$ uname -a
Linux localhost 4.14.65-desktop-1.mga6 #1 SMP Sat Aug 18 14:50:29 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ javac -cp .:/usr/share/java/bcprov.jar bouncySym.java
$ java -cp .:/usr/share/java/bcprov.jar bouncySym "Hello my name is Brian"
Hello my name is Brian
Encrypted : 71282df655ec2f24c11911b835fa8f5ab046cbe1f82fda4bfb5b8a2b60e18112
Hello my name is Brian
```
Brian Rockwell
2018-09-09 22:51:19 CEST
Whiteboard: (none) => MGA6-64-OK

```
The following 4 packages are going to be installed:

- bouncycastle-1.60-1.mga6.noarch
- bouncycastle-mail-1.60-1.mga6.noarch
- bouncycastle-pkix-1.60-1.mga6.noarch
- bouncycastle-tls-1.60-1.mga6.noarch

1.3MB of additional disk space will be used.
5.3MB of packages will be retrieved.
```

Installed openjdk_devel then did the below:

```
[brian@localhost Downloads]$ javac -cp .:/usr/share/java/bcprov.jar bouncySym.java
[brian@localhost Downloads]$ java -cp .:/usr/share/java/bcprov.jar bouncySym "Encrypt Me"
Encrypt Me
Encrypted : bbe9ce8b4928a7f6b15f12da546dc4fe
Encrypt Me
```

Whiteboard: MGA6-64-OK => MGA6-64-OK mga6-32-ok

Looks OK to me. Validating...
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0376.html
Resolution: (none) => FIXED

This update also fixed CVE-2015-6644: https://bugzilla.redhat.com/show_bug.cgi?id=1444015