Openssl updated to 1.0.2g for:
 o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
 o Disable SSLv2 default build, default negotiation and weak ciphers (CVE-2016-0800)
 o Fix a double-free in DSA code (CVE-2016-0705)
 o Disable SRP fake user seed to address a server memory leak (CVE-2016-0798)
 o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
 o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
 o Fix side channel attack on modular exponentiation (CVE-2016-0702)

I'll provide better advisory soon-ish

Updated packages currently building, heading to core/updates_testing:
========================
openssl-1.0.2g-1.mga5
libopenssl-engines1.0.0-1.0.2g-1.mga5
libopenssl1.0.0-1.0.2g-1.mga5
libopenssl-devel-1.0.1g-1.mga5
libopenssl-static-devel-1.0.2g-1.mga5

from openssl-1.0.2g-1.mga5.src.rpm
RedHat has issued an advisory for this today:
https://rhn.redhat.com/errata/RHSA-2016-0301.html

LWN reference for CVE-2015-0800:
http://lwn.net/Vulnerabilities/678156/

Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Openssl

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
http://openssl.org/news/secadv/20160301.txt
URL: (none) => http://lwn.net/Vulnerabilities/678143/
Whiteboard: (none) => has_procedure
Testing complete mga5 64

# openssl speed
Doing mdc2 for 3s on 16 size blocks: 1421396 mdc2's in 3.00s
Doing mdc2 for 3s on 64 size blocks: 391905 mdc2's in 3.00s
Doing mdc2 for 3s on 256 size blocks: 100194 mdc2's in 3.00s
..etc

(takes ages to complete)
...wait
....not yet
...almost there
..and eventually

Doing 409 bit ecdh's for 10s: 5909 409-bit ECDH ops in 10.01s
Doing 571 bit ecdh's for 10s: 2432 571-bit ECDH ops in 10.00s
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
...etc

with no errors.

meanwhile, in another terminal tab..

$ openssl s_time -connect 192.168.1.28:443   <--- Server with apache (httpd) running
No CIPHER specified
Collecting connection statistics for 30 seconds
*****************************************************..etc

5260 connections in 4.07s; 1292.38 connections/user sec, bytes read 0
5260 connections in 31 real seconds, 0 bytes read per connection

Now timing with session id reuse.
starting
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr..etc

10779 connections in 1.97s; 5471.57 connections/user sec, bytes read 0
10779 connections in 31 real seconds, 0 bytes read per connection
Whiteboard: has_procedure => has_procedure mga5-64-ok
openssl s_time -connect test gives at the end of the two sections:

500 connections in 0.97s; 515.46 connections/user sec, bytes read 0
500 connections in 31 real seconds, 0 bytes read per connection

4678 connections in 0.73s; 6408.22 connections/user sec, bytes read 0
4678 connections in 31 real seconds, 0 bytes read per connection

openssl speed (ironic command name) ends with:

OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM

followed by a table of speeds.

Testing complete, Mageia 5 i586.
Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok
and it breaks mgarepo.

Traceback (most recent call last):
  File "/usr/bin/mgarepo", line 93, in <module>
    do_command(parse_options, dispatch_command)
  File "/usr/lib/python2.7/site-packages/MgaRepo/command.py", line 39, in do_command
    main_func(**opt.__dict__)
  File "/usr/bin/mgarepo", line 76, in dispatch_command
    repsys_module = __import__("MgaRepo.commands."+command)
  File "/usr/lib/python2.7/site-packages/MgaRepo/commands/co.py", line 4, in <module>
    from MgaRepo.rpmutil import checkout
  File "/usr/lib/python2.7/site-packages/MgaRepo/rpmutil.py", line 3, in <module>
    from MgaRepo import mirror, layout, log, binrepo
  File "/usr/lib/python2.7/site-packages/MgaRepo/mirror.py", line 6, in <module>
    from MgaRepo import Error, config, layout
  File "/usr/lib/python2.7/site-packages/MgaRepo/layout.py", line 7, in <module>
    from MgaRepo.svn import SVN
  File "/usr/lib/python2.7/site-packages/MgaRepo/svn.py", line 2, in <module>
    from MgaRepo.util import execcmd, get_auth
  File "/usr/lib/python2.7/site-packages/MgaRepo/util.py", line 12, in <module>
    import httplib2
  File "/usr/lib/python2.7/site-packages/httplib2/__init__.py", line 921, in <module>
    class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
AttributeError: 'module' object has no attribute 'HTTPSConnection'
Whiteboard: has_procedure mga5-32-ok mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok feedback
Some Googling suggests this is an ABI breakage and python, specifically this file: /usr/lib/python2.7/lib-dynload/_ssl.so would need rebuilding to fix this, but I'm thinking maybe the ABI breakage wasn't intended, or maybe it's necessitated by the SSLv2 removal, as this message suggests: http://openwall.com/lists/oss-security/2016/03/01/9
CC: (none) => makowski.mageia
Indeed, the ABI is missing some symbols, which is breaking things that call SSLv2 functions. In Cauldron, people have already noted that python3 and qtnetwork are also broken.
Blocks: (none) => 17862
Yeah, also stunnel... I wonder what the best way out of this is... maybe restoring ABI but blocking the calls or just rebuild stuff we know depend on it (can become a long list) and wait for the fallout of "less known package breakages" ... wonder what upstream and other distros plan to do...
These symbols are missing: ssl2_accept ssl2_callback_ctrl ssl2_ciphers ssl2_clear ssl2_connect ssl2_ctrl ssl2_ctx_callback_ctrl ssl2_ctx_ctrl ssl2_default_timeout ssl2_do_write ssl2_enc ssl2_enc_init ssl2_free ssl2_generate_key_material ssl2_get_cipher ssl2_get_cipher_by_char ssl2_mac ssl2_new ssl2_num_ciphers ssl2_part_read ssl2_peek ssl2_pending ssl2_put_cipher_by_char ssl2_read ssl2_return_error ssl2_set_certificate ssl2_shutdown ssl2_version_str ssl2_write ssl2_write_error SSLv2_client_method SSLv2_method SSLv2_server_method
CC: (none) => oe
Blocks: 17862 => (none)
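Added example, not part of the original bug thread or of any Mageia or OpenSSL tooling: a shell check for the ABI breakage discussed above, filtering `nm -D --undefined-only` output for imports of the removed `ssl2_*`/`SSLv2_*` symbols to find binaries that would need a rebuild. The function names and the sample nm output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find imports of the SSLv2 symbols that a no-ssl2 libssl drops.

# sslv2_imports: read `nm -D --undefined-only FILE` output on stdin and print
# every imported symbol from the removed ssl2_*/SSLv2_* set, one per line.
sslv2_imports() {
    awk '
        # Undefined symbols appear as "<padding> U name"; weak ones use w or v.
        $1 ~ /^[Uwv]$/ {
            sym = $2
            sub(/@.*$/, "", sym)      # strip an @VERSION suffix if present
            # "ssl2_" / "SSLv2_" must not match ssl23_* or SSLv23_method,
            # which stay exported when SSLv2 is compiled out.
            if (sym ~ /^(ssl2_|SSLv2_)/) print sym
        }
    ' | LC_ALL=C sort -u
}

# needs_rebuild FILE...: list each ELF file that imports an SSLv2 symbol.
needs_rebuild() {
    for f in "$@"; do
        hits=$(nm -D --undefined-only "$f" 2>/dev/null | sslv2_imports | tr '\n' ' ')
        if [ -n "$hits" ]; then
            printf '%s: %s\n' "$f" "$hits"
        fi
    done
}

# Constructed sample of nm output for an SSL-using extension module.
SAMPLE_NM='                 U SSL_CTX_new
                 U SSLv23_method
                 U SSLv2_method
                 U SSLv2_client_method@OPENSSL_1.0.0
                 U SSLv3_method
                 w __gmon_start__
                 U ssl23_accept'

if [ "$#" -gt 0 ]; then
    needs_rebuild "$@"          # e.g. /usr/lib/python2.7/lib-dynload/_ssl.so
else
    printf '%s\n' "$SAMPLE_NM" | sslv2_imports
fi
```

Run with file paths as arguments to scan real binaries; with no arguments it prints the matches from the constructed sample.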
RHEL6 updates solved this differently.
Looking at Fedora they list 397 packages needing rebuild :) https://bugzilla.redhat.com/show_bug.cgi?id=1313509
I've re-enabled ssl2 to unbreak ABI. According to this commit: https://git.openssl.org/?p=openssl.git;a=commit;h=9dfd2be8a1761fffd152a92d8f1b356ad667eea7 openssl should still be safe / not vulnerable to the DROWN attack
(to be verified)
New rounds of tests for:
openssl-1.0.2g-1.1.mga5
libopenssl-engines1.0.0-1.0.2g-1.1.mga5
libopenssl1.0.0-1.0.2g-1.1.mga5
libopenssl-devel-1.0.1g-1.1.mga5
libopenssl-static-devel-1.0.2g-1.1.mga5

from:
openssl-1.0.2g-1.1.mga5.src.rpm
Whiteboard: has_procedure mga5-32-ok mga5-64-ok feedback => has_procedure
Actually for Cauldron we should disable SSLv2 and rebuild things. Pascal has the umeabot ready to go for that. Debian has already done it a while ago. For us, there's no better time than the present.
Yeah, I thought about that after enabling it... it's the sane thing to do. For mga5 we will keep ssl2 to minimize breakage, but let's do it for cauldron. I don't have access to my ssh host now, so feel free to disable it again and start the rebuild process...
FYI, according to this article: https://fedoramagazine.org/fedoras-not-drowning/ we're also not vulnerable to DROWN / CVE-2016-0800 in our default configuration either, because before Mageia 5's release, I added the same patch Fedora used to disable SSLv2 and SSLv3.
Ran the same tests as before. 459 and 4561 connections for s_time and the speed test looks pretty much the same. mgarepo still works :D
Whiteboard: has_procedure => has_procedure MGA5-32-OK
Re-testing mga5 64. Good catch David. We should add some application to test as part of the procedure.
(In reply to claire robinson from comment #18)
> Re-testing mga5 64. Good catch David. We should add some application to test
> as part of the procedure.

I guess stunnel would work, since we've tested that before.
NOK

$ stunnel
[.] stunnel 5.03 on x86_64-mageia-linux-gnu platform
[.] Compiled with OpenSSL 1.0.2d 9 Jul 2015
[.] Running with OpenSSL 1.0.2g 1 Mar 2016
[.] Update OpenSSL shared libraries or rebuild stunnel
[.] Threading:FORK Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
[ ] errno: (*__errno_location ())
[.] Reading configuration from file /etc/stunnel/stunnel.conf
[.] FIPS mode disabled
[ ] Compression disabled
[ ] PRNG seeded successfully
[ ] Initializing service [pop3s]
[ ] Loading cert from file: /etc/pki/tls/certs/stunnel.pem
[ ] Loading key from file: /etc/pki/tls/private/stunnel.pem
[!] error queue: 140B0002: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
[!] error queue: 20074002: error:20074002:BIO routines:FILE_CTRL:system lib
[!] SSL_CTX_use_PrivateKey_file: 200100D: error:0200100D:system library:fopen:Permission denied
[!] Service [pop3s]: Failed to initialize SSL context
Needs some config, using https://bugs.mageia.org/show_bug.cgi?id=12943#c8 as a guide..
Hopefully freeradius still works.
Edited /etc/stunnel/stunnel.conf - uncommented the https section and changed the 'accept' port it listens on to 4443 from 443.

Run as root
# stunnel
# netstat -pant | grep :4443
tcp 0 0 0.0.0.0:4443 0.0.0.0:* LISTEN 16345/stunnel

Enough to show it is listening. Standard openssl tests complete without error too so adding the OK.

We'll need an advisory please, whoever is providing it.
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK mga5-64-ok
Advisory:
========================

Updated openssl packages fix security vulnerabilities:

Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. This could allow local attackers to recover RSA private keys (CVE-2016-0702).

Adam Langley from Google discovered a double free bug when parsing malformed DSA private keys. This could allow remote attackers to cause a denial of service or memory corruption in applications parsing DSA private keys received from untrusted sources (CVE-2016-0705).

Guido Vranken discovered an integer overflow in the BN_hex2bn and BN_dec2bn functions that can lead to a NULL pointer dereference and heap corruption. This could allow remote attackers to cause a denial of service or memory corruption in applications processing hex or dec data received from untrusted sources (CVE-2016-0797).

Emilia Käsper of the OpenSSL development team discovered a memory leak in the SRP database lookup code. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to the SRP_VBASE_get1_by_user function (CVE-2016-0798).

Guido Vranken discovered an integer overflow in the BIO_*printf functions that could lead to an OOB read when printing very long strings. Additionally the internal doapr_outch function can attempt to write to an arbitrary memory location in the event of a memory allocation failure. These issues will only occur on platforms where sizeof(size_t) > sizeof(int) like many 64 bit systems. This could allow remote attackers to cause a denial of service or memory corruption in applications that pass large amounts of untrusted data to the BIO_*printf functions (CVE-2016-0799).

Note that Mageia is not vulnerable to the DROWN issue, also known as CVE-2016-0800, in its default configuration, as SSLv2 was disabled by default in Mageia 5. However, upstream mitigations for DROWN have also been incorporated into this update, protecting systems that may have enabled it.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
http://openssl.org/news/secadv/20160301.txt
https://www.debian.org/security/2016/dsa-3500
Advisory uploaded. Holding off validating until it's been better tested against some applications.
Whiteboard: has_procedure MGA5-32-OK mga5-64-ok => has_procedure advisory MGA5-32-OK mga5-64-ok
I suppose anything from here would do the job

$ urpmq --whatrequires lib64openssl1.0.0
zoneminder, sslscan, owncloud-client all OK. Did you confirm freeradius?
I've never actually used it (only been meaning to for 10+ years, but haven't gotten around to it). It has been sensitive to openssl updates in the past.
Basics from here https://bugs.mageia.org/show_bug.cgi?id=8726#c2

Installed freeradius freeradius-mysql & lib64freeradius1

Commented make_cert_command = "${certdir}/bootstrap" in /etc/raddb/eap.conf

# radiusd -CX
shows Configuration appears to be OK.

# systemctl start radiusd.service
# systemctl status radiusd.service
● radiusd.service - FreeRADIUS high performance RADIUS server.
   Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled)
   Active: active (running) since Wed 2016-03-02 17:59:19 GMT; 4s ago
  Process: 17480 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
  Process: 17478 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
 Main PID: 17483 (radiusd)
   CGroup: /system.slice/radiusd.service
           └─17483 /usr/sbin/radiusd -d /etc/raddb

# echo 'testing Cleartext-Password := "password"' >> /etc/raddb/users
# systemctl restart radiusd.service
# radtest testing password 127.0.0.1 0 testing123
Sending Access-Request of id 58 to 127.0.0.1 port 1812
        User-Name = "testing"
        User-Password = "password"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=58, length=20
Validating. Please push to 5 updates. Thanks.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0093.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED