| Summary: | openvpn new security issue CVE-2018-9336 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | brtians1, bruno, marja11, sysadmin-bugs, tarazed25, tmb |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA6-32-OK MGA6-64-OK | | |
| Source RPM: | openvpn-2.4.4-1.mga6.src.rpm | CVE: | |
| Status comment: | | | |
| Attachments: | output from server execute; output from client execute | | |

Description
David Walser
2018-07-05 21:09:40 CEST
David Walser
2018-07-05 21:09:50 CEST
Whiteboard: (none) => MGA6TOO

Assigning to the registered maintainer.

CC: (none) => marja11

Seems 2.4.6 has the fix already in (in file src/openvpnserv/interactive.c) So updating cauldron to it.

Status: NEW => ASSIGNED

Patch modified and applied to 2.4.4 for MGA6

Assignee: bruno => qa-bugs

Thanks Bruno. Make sure you leave yourself CC'd when you assign to QA. You forgot to add a subrel, so I just fixed that.

Advisory:
========================

Updated openvpn packages fix security vulnerability:

Fix potential double-free() in Interactive Service could lead to denial of service (CVE-2018-9336).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9336
http://lists.suse.com/pipermail/sle-security-updates/2018-July/004246.html
========================

Updated packages in core/updates_testing:
========================
openvpn-2.4.4-1.1.mga6
libopenvpn-devel-2.4.4-1.1.mga6

from openvpn-2.4.4-1.1.mga6.src.rpm

CC: (none) => bruno

openSUSE has issued an advisory for this on July 7:
https://lists.opensuse.org/opensuse-updates/2018-07/msg00017.html

uname -a

    Linux localhost 4.14.50-desktop-2.mga6 #1 SMP Mon Jun 18 13:19:12 UTC 2018 i686 i686 i686 GNU/Linux

    # openvpn --genkey --secret key
    # openvpn --test-crypto --secret key > crpt.test

--- the output from the file

    Sat Jul 28 09:19:44 2018 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
    Sat Jul 28 09:19:44 2018 OpenVPN 2.4.4 i586-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 7 2018
    Sat Jul 28 09:19:44 2018 library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.09
    Sat Jul 28 09:19:44 2018 OpenVPN 2.4.4 i586-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 7 2018
    Sat Jul 28 09:19:44 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
    Sat Jul 28 09:19:44 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
    Sat Jul 28 09:19:44 2018 Entering OpenVPN crypto self-test mode.
    Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1

-- more stuff in the middle

    Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1500
    Sat Jul 28 09:19:44 2018 OpenVPN crypto self-test mode SUCCEEDED.

edited the sample config files for loopback server

    # vi /usr/share/openvpn/sample-config-files/loopback-server

the following items had to be edited.

    dh /usr/share/openvpn/sample-keys/dh2048.pem
    ca /usr/share/openvpn/sample-keys/ca.crt
    key /usr/share/openvpn/sample-keys/server.key
    cert /usr/share/openvpn/sample-keys/server.crt
    tls-auth /usr/share/openvpn/sample-keys/ta.key 0

ran loopback server

    # openvpn --config /usr/share/openvpn/sample-config-files/loopback-server

you'll see a bunch of text scroll by then it'll wait for a ping.

----

Next I edit the client-loopback file..

    vi /usr/share/openvpn/sample-config-files/loopback-client

the following items in the file had to be edited

    ca /usr/share/openvpn/sample-keys/ca.crt
    key /usr/share/openvpn/sample-keys/client.key
    cert /usr/share/openvpn/sample-keys/client.crt
    tls-auth /usr/share/openvpn/sample-keys/ta.key 1

----

Next I run the server and client sessions

    # openvpn --config /usr/share/openvpn/sample-config-files/loopback-server > srvr.txt
    # openvpn --config /usr/share/openvpn/sample-config-files/loopback-client > client

You can leave the two chat for awhile. You'll see the files grow as they communicate with each other

Working as designed.

--> I'll attach the outputs

CC: (none) => brtians1

Created attachment 10296
output from server execute

Created attachment 10297
output from client execute

Brian Rockwell
2018-07-28 16:43:00 CEST
Whiteboard: (none) => MGA6-32-OK

mga6-64

The following 3 packages are going to be installed:

- libobjc4-5.5.0-1.mga6.x86_64
- openvpn-2.4.4-1.1.mga6.x86_64
- perl-Authen-PAM-0.160.0-16.mga6.x86_64

2.2MB of additional disk space will be used.
783KB of packages will be retrieved.

followed the same configurations and execution. Successful

Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK

@Brian. Validating this even though there is no asterisk for the advisory. We have been bending the rules for some time just to trim down the list of things yet to be tested. Your tests are definitive - great work. Thanks.

CC: (none) => tarazed25

Len Lawrence
2018-08-03 08:32:29 CEST
Keywords: (none) => validated_update

Thomas Backlund
2018-08-10 15:31:52 CEST
CC: (none) => tmb

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0329.html

Status: ASSIGNED => RESOLVED