Bug 28383

Summary: openssl, compat-openssl10 new security issues CVE-2021-2384[01]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, herman.viaene, mageia, nicolas.salguero, ouaurelien, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7TOO MGA7-64-OK MGA8-64-OK
Source RPM: openssl-1.1.1i-1.mga8.src.rpm, compat-openssl10-1.0.2u-1.1.mga7.src.rpm CVE: CVE-2021-23840, CVE-2021-23841
Status comment:

Description David Walser 2021-02-19 20:24:44 CET 
OpenSSL has issued an advisory on February 16:
https://www.openssl.org/news/secadv/20210216.txt

The issues are fixed upstream in 1.1.1j.

Mageia 7 is also affected.
David Walser 2021-02-19 20:24:51 CET

Whiteboard: (none) => MGA8TOO, MGA7TOO

Comment 1 Aurelien Oudelet 2021-02-20 13:24:18 CET 
Hi, thanks for reporting this.
As there is no maintainer for this package I added the committers in CC.

(Please set the status to 'assigned' if you are working on it)

CC: (none) => nicolas.salguero, ouaurelien
Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2021-02-26 16:40:51 CET 
Debian has issued an advisory for this on February 17:
https://www.debian.org/security/2021/dsa-4855
Comment 3 David Walser 2021-02-26 17:41:42 CET 
Debian-LTS has issued an advisory for this on February 18:
https://www.debian.org/lts/security/2021/dla-2563

They patched 1.1.0* (which we have in Mageia 7).
Comment 4 David Walser 2021-02-26 17:42:35 CET 
Debian-LTS has issued an advisory for this on February 18:
https://www.debian.org/lts/security/2021/dla-2565

They patched 1.0.2* (which is what compat-openssl10 is).
Comment 5 David Walser 2021-02-26 19:16:57 CET 
Ubuntu has issued an advisory for this on February 18:
https://ubuntu.com/security/notices/USN-4738-1
Comment 6 Nicolas Lécureuil 2021-02-27 20:07:44 CET 
src:

     mageia 7:
             - openssl-1.1.0l-1.3.mga7
             - compat-openssl10-1.0.2u-1.2.mga7

     mageia 8:
             - openssl-1.1.1j-1.mga8

Version: Cauldron => 8
CC: (none) => mageia

Comment 7 David Walser 2021-02-27 20:46:41 CET 
Package list:
compat-openssl10-1.0.2u-1.2.mga7
libcompat-openssl10_1.0.0-1.0.2u-1.2.mga7
libcompat-openssl10-devel-1.0.2u-1.2.mga7
openssl-1.1.0l-1.3.mga7
libopenssl1.1-1.1.0l-1.3.mga7
libopenssl-devel-1.1.0l-1.3.mga7
libopenssl-static-devel-1.1.0l-1.3.mga7
openssl-perl-1.1.0l-1.3.mga7
openssl-1.1.1j-1.mga8
libopenssl-devel-1.1.1j-1.mga8
libopenssl1.1-1.1.1j-1.mga8
openssl-perl-1.1.1j-1.mga8
libopenssl-static-devel-1.1.1j-1.mga8

Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Assignee: pkg-bugs => qa-bugs

Comment 8 David Walser 2021-03-03 01:19:33 CET 
Advisory:
========================

Updated openssl and compat-openssl10 packages fix security vulnerabilities:

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths
in EVP functions. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service (CVE-2021-23840).

Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer
fields. A remote attacker could possibly use this issue to cause OpenSSL to
crash, resulting in a denial of service (CVE-2021-23841).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841
https://www.openssl.org/news/secadv/20210216.txt
https://ubuntu.com/security/notices/USN-4738-1
Comment 9 Aurelien Oudelet 2021-03-04 15:49:08 CET 
Running this piece of software since assigned: no regressions.
SSL OK.

MGA8-64-OK
MGA7-64-OK

Advisory pushed to SVN.
Ping QA users.

Keywords: (none) => advisory
CVE: (none) => CVE-2021-23840, CVE-2021-23841
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OK

Comment 10 Herman Viaene 2021-03-04 16:00:33 CET 
MGA7-64 MATE on Peaq C1011
No installation issues
Following wiki for tests:
$ openssl version -a
OpenSSL 1.1.0l  10 Sep 2019
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) md2(char) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DPURIFY -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config" -DOPENSSLDIR="\"/etc/pki/tls\"" -DENGINESDIR="\"/usr/lib64/engines-1.1\""  -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fasynchronous-unwind-tables -Wa,--noexecstack
OPENSSLDIR: "/etc/pki/tls"
ENGINESDIR: "/usr/lib64/engines-1.1"
engines:  rdrand dynamic 

# openssl ciphers -v
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
and a lot more ....

# openssl ciphers -v -tls1
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
and more ....

# openssl ciphers -v 'HIGH'
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
etc ......

# openssl ciphers -v 'AES+HIGH'
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
etc .....
Continuing tests ......

CC: (none) => herman.viaene

Comment 11 Herman Viaene 2021-03-04 16:07:55 CET 
$ openssl speed
Doing md2 for 3s on 16 size blocks: 345506 md2's in 2.99s
Doing md2 for 3s on 64 size blocks: 182067 md2's in 3.00s
Doing md2 for 3s on 256 size blocks: 62538 md2's in 3.00s
Doing md2 for 3s on 1024 size blocks: 17248 md2's in 3.00s
Doing md2 for 3s on 8192 size blocks: 2223 md2's in 2.99s
Doing md2 for 3s on 16384 size blocks: 1103 md2's in 3.00s
etc......

$ openssl speed rsa
Doing 512 bit private rsa's for 10s: 38248 512 bit private RSA's in 10.00s
Doing 512 bit public rsa's for 10s: 463033 512 bit public RSA's in 10.00s
etc ....

Other tests from wiki run  into problems since syntax and file location changes, not exploring those, this should be enough, I guess.
Comment 12 Thomas Andrews 2021-03-04 16:25:15 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 13 Mageia Robot 2021-03-04 17:55:19 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0108.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED