Bug 32112

Summary: openssl new security issues CVE-2023-2975, CVE-2023-3446 and CVE-2023-3817
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, brtians1, davidwhodgins, mageia, nicolas.salguero, sysadmin-bugs
Version: 9Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8TOO MGA8-64-OK MGA9-64-OK
Source RPM: openssl-3.0.9-1.mga9.src.rpm CVE:
Status comment:

Description David Walser 2023-07-17 20:39:01 CEST 
OpenSSL has issued an advisory on July 14:
https://www.openssl.org/news/secadv/20230714.txt

The issue will be fixed upstream in 3.0.10.
Comment 1 Lewis Smith 2023-07-19 21:03:47 CEST 
ns80 currently nurses openssl, so assigning to you.

Assignee: bugsquad => nicolas.salguero
Status comment: (none) => fixed upstream in 3.0.10

Comment 2 Nicolas Salguero 2023-08-29 14:22:07 CEST 
OpenSSL has issued other advisories on July 19:
https://www.openssl.org/news/secadv/20230719.txt

and July 31:
https://www.openssl.org/news/secadv/20230731.txt

Versions 3.0.10 and 1.1.1v were released on August 01.

Summary: openssl new security issue CVE-2023-2975 => openssl new security issues CVE-2023-2975, CVE-2023-3446 and CVE-2023-3817

Comment 3 Nicolas Salguero 2023-08-31 14:22:22 CEST 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

AES-SIV implementation ignores empty associated data entries. (CVE-2023-2975)

Excessive time spent checking DH keys and parameters. (CVE-2023-3446)

Excessive time spent checking DH q parameter value. (CVE-2023-3817)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
https://www.openssl.org/news/secadv/20230714.txt
https://www.openssl.org/news/secadv/20230719.txt
https://www.openssl.org/news/secadv/20230731.txt
========================

Updated packages in 8/core/updates_testing:
========================
lib(64)openssl1.1-1.1.1v-1.mga8
lib(64)openssl-devel-1.1.1v-1.mga8
lib(64)openssl-static-devel-1.1.1v-1.mga8
openssl-1.1.1v-1.mga8
openssl-perl-1.1.1v-1.mga8

from SRPM:
openssl-1.1.1v-1.mga8.src.rpm

Updated packages in 9/core/updates_testing:
========================
lib(64)openssl3-3.0.10-1.mga9
lib(64)openssl-devel-3.0.10-1.mga9
lib(64)openssl-static-devel-3.0.10-1.mga9
openssl-3.0.10-1.mga9
openssl-perl-3.0.10-1.mga9

from SRPM:
openssl-3.0.10-1.mga9.src.rpm

Status comment: fixed upstream in 3.0.10 => (none)
Whiteboard: (none) => MGA8TOO
Version: Cauldron => 9
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

PC LX 2023-08-31 16:47:36 CEST

CC: (none) => mageia

Comment 4 Brian Rockwell 2023-09-01 15:53:48 CEST 
mga9-64, Xfce

$ uname -a
Linux localhost 6.4.12-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Mon Aug 28 09:15:37 UTC 2023 x86_64 GNU/Linux

The following 2 packages are going to be installed:

- lib64openssl3-3.0.10-1.mga9.x86_64
- openssl-3.0.10-1.mga9.x86_64



$ openssl ciphers
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-CCM:AES128-GCM-SHA256:AES128-CCM:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:PSK-AES256-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CBC-SHA:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:RSA-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:RSA-PSK-AES256-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA

$ openssl version
OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)


from a base level it appears to be working

CC: (none) => brtians1

Comment 5 Brian Rockwell 2023-09-02 21:48:32 CEST 
MGA8-64, Plasma


The following 3 packages are going to be installed:

- lib64openssl-devel-1.1.1v-1.mga8.x86_64
- lib64openssl1.1-1.1.1v-1.mga8.x86_64
- openssl-1.1.1v-1.mga8.x86_64


$ openssl version
OpenSSL 1.1.1v  1 Aug 2023

$ openssl ciphers
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-CCM:AES128-GCM-SHA256:AES128-CCM:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:PSK-AES256-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CBC-SHA:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:RSA-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:RSA-PSK-AES256-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA


$ openssl s_client -connect mageia.org:443    
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
verify return:1
depth=0 CN = *.mageia.org
verify return:1
---
blah blah blah

...

SSL handshake has read 3670 bytes and written 384 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)


AES-SIV cipher is beyond simple testing and would need some C code.  Not up to that at this moment.

Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK MGA9-64-OK

Comment 6 Thomas Andrews 2023-09-04 02:09:37 CEST 
Validating. Advisory in commet 3.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2023-09-11 02:09:19 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2023-09-11 15:09:31 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0253.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED