Bug 24179

Summary: nss new security issue CVE-2018-0495
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: herman.viaene, lewyssmith, mageia, sysadmin-bugs, tmb
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-32-OK MGA6-64-OK
Source RPM: nss-3.36.6-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2019-01-14 16:01:53 CET 
Ubuntu has issued an advisory on January 9:
https://usn.ubuntu.com/3850-1/

The issue was fixed upstream in 3.38, but the fix was not included in 3.36.6.

Patched package uploaded for Mageia 6.

Advisory:
========================

Updated nss packages fix security vulnerability:

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A
local attacker could possibly use this issue to perform a cache-timing attack
and recover private ECDSA keys (CVE-2018-0495).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
https://usn.ubuntu.com/3850-1/
========================

Updated packages in core/updates_testing:
========================
nss-3.36.6-1.1.mga6
nss-doc-3.36.6-1.1.mga6
libnss3-3.36.6-1.1.mga6
libnss-devel-3.36.6-1.1.mga6
libnss-static-devel-3.36.6-1.1.mga6

from nss-3.36.6-1.1.mga6.src.rpm
Comment 1 Herman Viaene 2019-01-15 12:01:54 CET 
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
At CLI:
$ strace -o nss.txt firefox
I find "open("/lib/libnss3.so", O_RDONLY|O_CLOEXEC) = 4" in the trace, and Firefox works OK.
Tried also two commands from the nss package:
from bltest help: "   bltest -F	Run the FIPS self-test"
So
$ bltest -F
CK_RV: 48.
and
$ certdb_gtest 
[==========] Running 18 tests from 3 test cases.
[----------] Global test environment set-up.
[----------] 2 tests from Alg1485Test
[ RUN      ] Alg1485Test.ShortOIDTest
[       OK ] Alg1485Test.ShortOIDTest (0 ms)
[ RUN      ] Alg1485Test.BrokenOIDTest
[       OK ] Alg1485Test.BrokenOIDTest (0 ms)
[----------] 2 tests from Alg1485Test (0 ms total)

[----------] 11 tests from ParseAVAStrings/Alg1485ParseTest
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/0
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/0 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/1
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/1 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/2
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/2 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/3
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/3 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/4
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/4 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/5
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/5 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/6
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/6 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/7
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/7 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/8
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/8 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/9
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/9 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/10
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/10 (0 ms)
[----------] 11 tests from ParseAVAStrings/Alg1485ParseTest (0 ms total)

[----------] 5 tests from CompareAVAStrings/Alg1485CompareTest
[ RUN      ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/0
[       OK ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/0 (0 ms)
[ RUN      ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/1
[       OK ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/1 (0 ms)
[ RUN      ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/2
[       OK ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/2 (0 ms)
[ RUN      ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/3
[       OK ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/3 (0 ms)
[ RUN      ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/4
[       OK ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/4 (0 ms)
[----------] 5 tests from CompareAVAStrings/Alg1485CompareTest (1 ms total)

[----------] Global test environment tear-down
[==========] 18 tests from 3 test cases ran. (3 ms total)
[  PASSED  ] 18 tests.
 Looks OK for me, taking into account I'm not familiar with this stuff.

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene

Comment 2 PC LX 2019-01-15 17:09:03 CET 
Installed and tested without issues.

Did the same tests as Herman Viaene. All tests OK.

System: Mageia 6, x86_64, Firefox 60.4.0, Intel CPU.

$ /usr/bin/firefox --version
Mozilla Firefox 60.4.0
$ strace -o /tmp/firefox_strace.log /usr/bin/firefox
<SNIP - ALL OK>
$ grep -o 'open[(].*lib.*nss.*[)]' /tmp/firefox_strace.log | sort -u
open("/lib64/libnss3.so", O_RDONLY|O_CLOEXEC)
open("/lib64/libnss_compat.so.2", O_RDONLY|O_CLOEXEC)
open("/lib64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC)
open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC)
open("/lib64/libnss_nis.so.2", O_RDONLY|O_CLOEXEC)
open("/lib64/libnssutil3.so", O_RDONLY|O_CLOEXEC)
$ bltest -F
CK_RV: 48.
$ certdb_gtest
[==========] Running 18 tests from 3 test cases.
[----------] Global test environment set-up.
[----------] 2 tests from Alg1485Test
[ RUN      ] Alg1485Test.ShortOIDTest
[       OK ] Alg1485Test.ShortOIDTest (0 ms)
[ RUN      ] Alg1485Test.BrokenOIDTest
[       OK ] Alg1485Test.BrokenOIDTest (0 ms)
[----------] 2 tests from Alg1485Test (0 ms total)

[----------] 11 tests from ParseAVAStrings/Alg1485ParseTest
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/0
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/0 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/1
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/1 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/2
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/2 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/3
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/3 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/4
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/4 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/5
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/5 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/6
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/6 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/7
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/7 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/8
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/8 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/9
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/9 (0 ms)
[ RUN      ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/10
[       OK ] ParseAVAStrings/Alg1485ParseTest.TryParsingAVAStrings/10 (0 ms)
[----------] 11 tests from ParseAVAStrings/Alg1485ParseTest (0 ms total)

[----------] 5 tests from CompareAVAStrings/Alg1485CompareTest
[ RUN      ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/0
[       OK ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/0 (1 ms)
[ RUN      ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/1
[       OK ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/1 (0 ms)
[ RUN      ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/2
[       OK ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/2 (0 ms)
[ RUN      ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/3
[       OK ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/3 (0 ms)
[ RUN      ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/4
[       OK ] CompareAVAStrings/Alg1485CompareTest.CompareAVAStrings/4 (0 ms)
[----------] 5 tests from CompareAVAStrings/Alg1485CompareTest (1 ms total)

[----------] Global test environment tear-down
[==========] 18 tests from 3 test cases ran. (1 ms total)
[  PASSED  ] 18 tests.

Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
CC: (none) => mageia

Comment 3 PC LX 2019-01-15 17:10:27 CET 
Forgot the packages info:

$ rpm -qa | grep nss.*3.36 | sort
lib64nss3-3.36.6-1.1.mga6
nss-3.36.6-1.1.mga6
Comment 4 Lewis Smith 2019-01-15 21:43:27 CET 
Thanks both testers for rapid work.

*Security* advisory done from c0, BUT this update is classified 'bugfix', and cannot see how to correct that.

Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Thomas Backlund 2019-01-15 22:41:06 CET

QA Contact: (none) => security
Component: RPM Packages => Security
CC: (none) => tmb

Comment 5 Mageia Robot 2019-01-15 23:16:57 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0038.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED