Bug 23660

Summary: mbedtls new security issues CVE-2018-0497 and CVE-2018-0498
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, geiger.david68210, marja11, mhrambo3501, oe, rverschelde, smelror, sysadmin-bugs, tarazed25, tmb
Version: 6Keywords: advisory, has_procedure, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-64-OK
Source RPM: mbedtls-2.7.3-3.mga7.src.rpm CVE:
Status comment:

Description David Walser 2018-10-09 23:46:23 CEST 
Upstream has issued an advisory on July 25:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02

The issues were fixed in 2.7.5:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released

2.7.6 was also released on September 10, fixing a minor security issue:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.13.0-2.7.6-and-2.1.15-released

Debian has issued an advisory for this on September 16:
https://www.debian.org/security/2018/dsa-4296

Mageia 6 is also affected.
David Walser 2018-10-09 23:46:43 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-10-10 06:14:05 CEST 
Assigning to all packagers collectively, since the registered maintainer for this package is currently unavailable.

Also CC'ing some committers & the registered maintainer.

CC: (none) => geiger.david68210, marja11, oe, rverschelde, smelror
Assignee: bugsquad => pkg-bugs

Comment 2 Mike Rambo 2018-10-12 22:35:29 CEST 
Updated package uploaded for cauldron and Mageia 6.

Advisory:
========================

Updated mbedtls package fixes security vulnerabilities:

Fixed a vulnerability in the TLS ciphersuites based on use of CBC and SHA-384 in DTLS/TLS 1.0 to 1.2, that allowed an active network attacker to partially recover the plaintext of messages under certains conditions by exploiting timing side-channels (CVE-2018-0497).

Fixed a vulnerability in TLS ciphersuites based on CBC, in DTLS/TLS 1.0 to 1.2, that allowed a local attacker, with the ability to execute code on the local machine as well as to manipulate network packets, to partially recover the plaintext of messages under certain conditions (CVE-2018-0498).

Fixed an issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing (no CVE assigned).


References:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released
https://tls.mbed.org/tech-updates/releases/mbedtls-2.13.0-2.7.6-and-2.1.15-released
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498
========================

Updated packages in core/updates_testing:
========================
lib64mbedtls10-2.7.6-1.mga6.x86_64.rpm
lib64mbedtls-devel-2.7.6-1.mga6.x86_64.rpm
mbedtls-2.7.6-1.mga6.x86_64.rpm

from mbedtls-2.7.6-1.mga6.src.rpm


Test procedure: https://bugs.mageia.org/show_bug.cgi?id=20561#c3

Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA6TOO => (none)
CC: (none) => mrambo
Keywords: (none) => has_procedure
Version: Cauldron => 6

Comment 3 Len Lawrence 2018-10-19 17:44:35 CEST 
Mageia 6, x86_64

No PoCs found for the CVEs.
Ran self-test:
$ mbedtls-selftest

  MD5 test #1: passed
[...]
  Executed 23 test suites
  [ All tests PASS ]

Updated the packages:
$ mbedtls-selftest
  MD5 test #1: passed
[...]
  AES-GCM-256 #5 split (enc): passed
  AES-GCM-256 #5 split (dec): passed
[...]
  X.509 certificate load: passed
  X.509 signature verify: passed
[...]
  TIMING test #1 (set_alarm / get_timer): passed
  TIMING test #2 (set/get_delay        ): passed
  TIMING test #3 (hardclock / get_timer): passed
  Executed 23 test suites
  [ All tests PASS ]
$

Passing this for 64-bits.

Whiteboard: (none) => MGA6-64-OK
CC: (none) => tarazed25

Comment 4 David Walser 2018-10-19 18:34:06 CEST 
Always make sure you test a package that uses a library and not just its own tools, to make sure it hasn't broken binary compatibility.
Comment 5 Len Lawrence 2018-10-20 02:37:57 CEST 
Thanks for the headsup David.  It looks like hiawatha is a candidate - tomorrow.

Whiteboard: MGA6-64-OK => (none)

Comment 6 Len Lawrence 2018-10-20 12:05:12 CEST 
Testing hiawatha.
Removed mbedtls and support library.
Stopped apache.
Installed hiawatha and noted that mbedtls and lib64mbedtls10 were required.
Update mbdedtls and the library again and started hiawatha under strace.  Visited various sites in firefox then closed down hiawatha.  No sign of mbedtls interaction in the trace however.

Have to leave it there.  Know nothing about dolphin-emu or shadowsocks.
Reinstating the 64-bit OK.

Whiteboard: (none) => MGA6-64-OK

Comment 7 Thomas Andrews 2018-11-02 20:02:44 CET 
Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2018-11-03 12:04:37 CET

CC: (none) => tmb
Keywords: (none) => advisory

Comment 8 Mageia Robot 2018-11-03 12:56:32 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0432.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED