| Summary: | openssl new security issue CVE-2019-1551 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Zombie Ryushu <zombie.ryushu> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, mageia, nicolas.salguero, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://linuxsecurity.com/advisories/debian/debian-dsa-4594-1-openssl1-0-security-update-17-13-06 | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | compat-openssl10-1.0.2t-1.mga7.src.rpm, openssl-1.1.0l-1.mga7.src.rpm | CVE: | CVE-2019-1551 |
| Status comment: | |||
Description
Zombie Ryushu
2019-12-28 00:51:47 CET

Zombie Ryushu
2019-12-28 00:52:05 CET
CVE: (none) => CVE-2019-1551

Suggested advisory:
========================

The updated packages fix a security vulnerability:

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. (CVE-2019-1551)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551
https://linuxsecurity.com/advisories/debian/debian-dsa-4594-1-openssl1-0-security-update-17-13-06
========================

Updated packages in core/updates_testing:
========================
compat-openssl10-1.0.2u-1.mga7
lib(64)compat-openssl10_1.0.0-1.0.2u-1.mga7
lib(64)compat-openssl10-devel-1.0.2u-1.mga7

from SRPMS:
compat-openssl10-1.0.2u-1.mga7.src.rpm

Source RPM: openssl => compat-openssl10-1.0.2t-1.mga7.src.rpm

Nicolas Salguero
2019-12-28 17:40:47 CET
Assignee: bugsquad => qa-bugs

Upstream advisory: https://www.openssl.org/news/secadv/20191206.txt
Actual Debian advisory: https://www.debian.org/security/2019/dsa-4594

This issue likely affects openssl 1.1.0 as well (if it affects 1.0 and 1.1.1, how could it not?), but upstream isn't saying because they're not supporting it anymore. We need to get a patch from somewhere or backport the commit referenced in the upstream advisory.

Keywords: (none) => feedback

Updated packages in core/updates_testing:
========================
compat-openssl10-1.0.2u-1.mga7
lib(64)compat-openssl10_1.0.0-1.0.2u-1.mga7
lib(64)compat-openssl10-devel-1.0.2u-1.mga7
openssl-1.1.0l-1.1.mga7
lib(64)openssl1.1-1.1.0l-1.1.mga7
lib(64)openssl-devel-1.1.0l-1.1.mga7
lib(64)openssl-static-devel-1.1.0l-1.1.mga7
openssl-perl-1.1.0l-1.1.mga7

from SRPMS:
compat-openssl10-1.0.2u-1.mga7.src.rpm
openssl-1.1.0l-1.1.mga7.src.rpm

Source RPM: compat-openssl10-1.0.2t-1.mga7.src.rpm => compat-openssl10-1.0.2t-1.mga7.src.rpm, openssl-1.1.0l-1.mga7.src.rpm

Advisory:
========================

Updated compat-openssl10 and openssl packages fix security vulnerability:

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME (CVE-2019-1551).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551
https://www.openssl.org/news/secadv/20191206.txt
========================

Installed and tested without issue.

The openssl packages are used by lots of other packages in the system and after several days of usage nothing broke. Also did some tests with the openssl command (e.g. create keys and certificates), so I'm giving it an OK.

System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.

$ uname -a
Linux marte 5.4.6-desktop-2.mga7 #1 SMP Mon Dec 23 12:05:27 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | egrep 'openssl.*1\.(0|1)' | sort
lib64compat-openssl10_1.0.0-1.0.2u-1.mga7
lib64openssl1.1-1.1.0l-1.1.mga7
libopenssl1.1-1.1.0l-1.1.mga7
openssl-1.1.0l-1.1.mga7

CC: (none) => mageia

Thank you, PC LX. Validating. Advisory in Comment 4.

Keywords: (none) => validated_update
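A patch-level check over `rpm -qa` output like the one quoted in the test report, as an added example that is not part of this bug report or of Mageia's own tooling. The package names and fixed version-release levels are taken from the bug; the rpm-style version comparison is a simplified reimplementation (no `~` or `^` handling), and the pre-update host list is constructed from the source RPM versions the bug names.

```python
import re

# Fixed version-release levels for the packages named in the advisory and test report.
FIXED = {
    "lib64compat-openssl10_1.0.0": "1.0.2u-1.mga7",
    "lib64openssl1.1": "1.1.0l-1.1.mga7",
    "libopenssl1.1": "1.1.0l-1.1.mga7",
    "openssl": "1.1.0l-1.1.mga7",
}

# Constructed samples: the patched host from the test report, and a
# hypothetical host still on the pre-update releases named in the bug.
PATCHED_HOST = """lib64compat-openssl10_1.0.0-1.0.2u-1.mga7
lib64openssl1.1-1.1.0l-1.1.mga7
libopenssl1.1-1.1.0l-1.1.mga7
openssl-1.1.0l-1.1.mga7"""
STALE_HOST = """lib64compat-openssl10_1.0.0-1.0.2t-1.mga7
lib64openssl1.1-1.1.0l-1.mga7
openssl-1.1.0l-1.mga7"""

def rpmvercmp(a, b):
    """rpm-style segment comparison (simplified: no ~ or ^): -1, 0 or 1."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        xn, yn = x.isdigit(), y.isdigit()
        if xn != yn:  # a numeric segment counts as newer than an alpha one
            return 1 if xn else -1
        if xn:
            x, y = int(x), int(y)  # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(installed, fixed):
    """Compare two 'version-release' strings: version first, then release."""
    iv, ir = installed.split("-", 1)
    fv, fr = fixed.split("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def check(rpm_qa_output):
    """Map each advisory package present in rpm -qa output to its status."""
    status = {}
    for line in rpm_qa_output.splitlines():
        name, ver, rel = line.strip().rsplit("-", 2)  # name-version-release
        if name in FIXED:
            ok = vr_cmp(f"{ver}-{rel}", FIXED[name]) >= 0
            status[name] = "fixed" if ok else "vulnerable"
    return status
```

Note that `1.1.mga7` sorts above `1.mga7` because rpm treats a numeric segment as newer than an alphabetic one, which is why the `openssl-1.1.0l-1.1.mga7` rebuild counts as fixed.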
Thomas Backlund
2020-01-05 14:50:42 CET
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0023.html

Status: ASSIGNED => RESOLVED