Bug 17859 - openssl security issues (CVE-2016-0702, CVE-2016-0705, CVE-2016-079[7-9], CVE-2016-0800)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/678143/
Whiteboard: has_procedure advisory MGA5-32-OK mga...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-03-01 19:07 CET by Thomas Backlund
Modified: 2016-03-02 19:30 CET

Source RPM: openssl

Description Thomas Backlund 2016-03-01 19:07:51 CET
Openssl updated to 1.0.2g for:

o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
o Disable SSLv2 default build, default negotiation and weak ciphers
  (CVE-2016-0800)
o Fix a double-free in DSA code (CVE-2016-0705)
o Disable SRP fake user seed to address a server memory leak
  (CVE-2016-0798)
o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
  (CVE-2016-0797)
o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
o Fix side channel attack on modular exponentiation (CVE-2016-0702)


I'll provide better advisory soon-ish


Updated packages currently building, heading to core/updates_testing:
========================
openssl-1.0.2g-1.mga5
libopenssl-engines1.0.0-1.0.2g-1.mga5
libopenssl1.0.0-1.0.2g-1.mga5
libopenssl-devel-1.0.1g-1.mga5
libopenssl-static-devel-1.0.2g-1.mga5

from openssl-1.0.2g-1.mga5.src.rpm
Comment 2 claire robinson 2016-03-01 20:22:10 CET
Testing complete mga5 64

# openssl speed
Doing mdc2 for 3s on 16 size blocks: 1421396 mdc2's in 3.00s
Doing mdc2 for 3s on 64 size blocks: 391905 mdc2's in 3.00s
Doing mdc2 for 3s on 256 size blocks: 100194 mdc2's in 3.00s
..etc (takes ages to complete)
...wait
....not yet
...almost there
..and eventually
Doing 409 bit  ecdh's for 10s: 5909 409-bit ECDH ops in 10.01s
Doing 571 bit  ecdh's for 10s: 2432 571-bit ECDH ops in 10.00s
OpenSSL 1.0.2g  1 Mar 2016
built on: reproducible build, date unspecified
...etc with no errors.

meanwhile, in another terminal tab..

$ openssl s_time -connect 192.168.1.28:443 <--- Server with apache (httpd) running
No CIPHER specified
Collecting connection statistics for 30 seconds
*****************************************************..etc

5260 connections in 4.07s; 1292.38 connections/user sec, bytes read 0
5260 connections in 31 real seconds, 0 bytes read per connection


Now timing with session id reuse.
starting
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr..etc

10779 connections in 1.97s; 5471.57 connections/user sec, bytes read 0
10779 connections in 31 real seconds, 0 bytes read per connection

Whiteboard: has_procedure => has_procedure mga5-64-ok

Comment 3 David Walser 2016-03-01 20:53:04 CET
openssl s_time -connect test gives at the end of the two sections:

500 connections in 0.97s; 515.46 connections/user sec, bytes read 0
500 connections in 31 real seconds, 0 bytes read per connection

4678 connections in 0.73s; 6408.22 connections/user sec, bytes read 0
4678 connections in 31 real seconds, 0 bytes read per connection

openssl speed (ironic command name) ends with:

OpenSSL 1.0.2g  1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM

followed by a table of speeds.

Testing complete, Mageia 5 i586.

Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok

Comment 4 David Walser 2016-03-01 20:55:05 CET
and it breaks mgarepo.

Traceback (most recent call last):
  File "/usr/bin/mgarepo", line 93, in <module>
    do_command(parse_options, dispatch_command)
  File "/usr/lib/python2.7/site-packages/MgaRepo/command.py", line 39, in do_command
    main_func(**opt.__dict__)
  File "/usr/bin/mgarepo", line 76, in dispatch_command
    repsys_module = __import__("MgaRepo.commands."+command)
  File "/usr/lib/python2.7/site-packages/MgaRepo/commands/co.py", line 4, in <module>
    from MgaRepo.rpmutil import checkout
  File "/usr/lib/python2.7/site-packages/MgaRepo/rpmutil.py", line 3, in <module>
    from MgaRepo import mirror, layout, log, binrepo
  File "/usr/lib/python2.7/site-packages/MgaRepo/mirror.py", line 6, in <module>
    from MgaRepo import Error, config, layout
  File "/usr/lib/python2.7/site-packages/MgaRepo/layout.py", line 7, in <module>
    from MgaRepo.svn import SVN
  File "/usr/lib/python2.7/site-packages/MgaRepo/svn.py", line 2, in <module>
    from MgaRepo.util import execcmd, get_auth
  File "/usr/lib/python2.7/site-packages/MgaRepo/util.py", line 12, in <module>
    import httplib2
  File "/usr/lib/python2.7/site-packages/httplib2/__init__.py", line 921, in <module>
    class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
AttributeError: 'module' object has no attribute 'HTTPSConnection'

Whiteboard: has_procedure mga5-32-ok mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok feedback

Comment 5 David Walser 2016-03-01 21:05:54 CET
Some Googling suggests this is an ABI breakage and python, specifically this file:
/usr/lib/python2.7/lib-dynload/_ssl.so

would need rebuilding to fix this, but I'm thinking maybe the ABI breakage wasn't intended, or maybe it's necessitated by the SSLv2 removal, as this message suggests:
http://openwall.com/lists/oss-security/2016/03/01/9

CC: (none) => makowski.mageia

Comment 6 David Walser 2016-03-01 23:57:19 CET
Indeed, the ABI is missing some symbols, which is breaking things that call SSLv2 functions.  In Cauldron, people have already noted that python3 and qtnetwork are also broken.
Thomas Backlund 2016-03-02 08:55:45 CET

Blocks: (none) => 17862

Comment 7 Thomas Backlund 2016-03-02 08:59:44 CET
Yeah, also stunnel... I wonder what the best way out of this is...

maybe restoring ABI but blocking the calls or just rebuild stuff we know depend on it (can become a long list) and wait for the fallout of "less known package breakages" ...

wonder what upstream and other distros plan to do...
Comment 8 Oden Eriksson 2016-03-02 09:10:52 CET
These symbols are missing:

ssl2_accept
ssl2_callback_ctrl
ssl2_ciphers
ssl2_clear
ssl2_connect
ssl2_ctrl
ssl2_ctx_callback_ctrl
ssl2_ctx_ctrl
ssl2_default_timeout
ssl2_do_write
ssl2_enc
ssl2_enc_init
ssl2_free
ssl2_generate_key_material
ssl2_get_cipher
ssl2_get_cipher_by_char
ssl2_mac
ssl2_new
ssl2_num_ciphers
ssl2_part_read
ssl2_peek
ssl2_pending
ssl2_put_cipher_by_char
ssl2_read
ssl2_return_error
ssl2_set_certificate
ssl2_shutdown
ssl2_version_str
ssl2_write
ssl2_write_error
SSLv2_client_method
SSLv2_method
SSLv2_server_method

CC: (none) => oe
Blocks: 17862 => (none)
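
Added example (not part of the original thread or of Mageia's QA procedure): a shell check that reports which dynamically linked binaries still import the SSLv2 symbols listed in comment 8, the breakage that hit mgarepo/python and stunnel. The function names, the regex (built from that symbol list) and the sample `nm` output are constructed for illustration; scanning real files assumes binutils `nm` is installed.

```shell
#!/bin/sh
# Added example: find binaries that import the SSLv2 symbols listed in comment 8.
# Pattern built from that list: SSLv2_*method entry points plus ssl2_* internals.
REMOVED_RE='^(SSLv2_(client_|server_)?method|ssl2_[a-z0-9_]+)$'

# Constructed sample of `nm -D --undefined-only` output (not from a real binary).
SAMPLE_NM='                 U SSL_new
                 U SSLv2_method
                 U SSLv2_client_method@OPENSSL_1.0.0
                 U ssl23_connect
                 U SSLv23_method'

# Read nm output on stdin; print each undefined symbol in the removed set.
# Version suffixes (sym@VERSION) are stripped before matching.
needs_sslv2() {
    awk 'NF { sym = $NF; sub(/@.*/, "", sym); print sym }' |
        { grep -E "$REMOVED_RE" || true; } | sort -u
}

# Scan one ELF file; print "path: sym sym ..." only if it imports removed symbols.
# Non-ELF or unreadable files produce no output.
scan_file() {
    hits=$(nm -D --undefined-only "$1" 2>/dev/null | needs_sslv2 | tr '\n' ' ')
    if [ -n "$hits" ]; then printf '%s: %s\n' "$1" "$hits"; fi
    return 0
}

# With arguments: scan those files. Without: run on the constructed sample.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do scan_file "$f"; done
else
    printf '%s\n' "$SAMPLE_NM" | needs_sslv2
fi
```

Pass it the binaries and shared objects of packages that link against libopenssl; any file it prints needs a rebuild (or the ABI restored) before an SSLv2-less library can ship.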

Comment 9 Oden Eriksson 2016-03-02 09:11:35 CET
RHEL6 updates solved this differently.
Comment 10 Thomas Backlund 2016-03-02 09:18:22 CET
Looking at Fedora they list 397 packages needing rebuild :)
https://bugzilla.redhat.com/show_bug.cgi?id=1313509
Comment 11 Thomas Backlund 2016-03-02 10:06:31 CET
I've re-enabled ssl2 to unbreak ABI.

According to this commit:
https://git.openssl.org/?p=openssl.git;a=commit;h=9dfd2be8a1761fffd152a92d8f1b356ad667eea7

openssl should still be safe / not vulnerable to the DROWN attack
Comment 12 Thomas Backlund 2016-03-02 10:06:48 CET
(to be verified)
Comment 13 Thomas Backlund 2016-03-02 11:13:50 CET
New rounds of tests for:

openssl-1.0.2g-1.1.mga5
libopenssl-engines1.0.0-1.0.2g-1.1.mga5
libopenssl1.0.0-1.0.2g-1.1.mga5
libopenssl-devel-1.0.1g-1.1.mga5
libopenssl-static-devel-1.0.2g-1.1.mga5

from :

openssl-1.0.2g-1.1.mga5.src.rpm

Whiteboard: has_procedure mga5-32-ok mga5-64-ok feedback => has_procedure

Comment 14 David Walser 2016-03-02 14:21:42 CET
Actually for Cauldron we should disable SSLv2 and rebuild things.  Pascal has the umeabot ready to go for that.  Debian has already done it a while ago.  For us, there's no better time than the present.
Comment 15 Thomas Backlund 2016-03-02 14:26:46 CET
Yeah, I thought about that after enabling it... it's the sane thing to do.
For mga5 we will keep ssl2 to minimize breakage, but let's do it for cauldron

I don't have access to my ssh host now, so feel free to disable it again and start the rebuild process...
Comment 16 David Walser 2016-03-02 14:55:07 CET
FYI, according to this article:
https://fedoramagazine.org/fedoras-not-drowning/

we're also not vulnerable to DROWN / CVE-2016-0800 in our default configuration either, because before Mageia 5's release, I added the same patch Fedora used to disable SSLv2 and SSLv3.
Comment 17 David Walser 2016-03-02 15:20:56 CET
Ran the same tests as before.  459 and 4561 connections for s_time and the speed test looks pretty much the same.  mgarepo still works :D

Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 18 claire robinson 2016-03-02 17:00:37 CET
Re-testing mga5 64. Good catch David. We should add some application to test as part of the procedure.
Comment 19 David Walser 2016-03-02 17:03:56 CET
(In reply to claire robinson from comment #18)
> Re-testing mga5 64. Good catch David. We should add some application to test
> as part of the procedure.

I guess stunnel would work, since we've tested that before.
Comment 20 claire robinson 2016-03-02 17:29:49 CET
NOK

$ stunnel
[.] stunnel 5.03 on x86_64-mageia-linux-gnu platform
[.] Compiled with OpenSSL 1.0.2d 9 Jul 2015
[.] Running  with OpenSSL 1.0.2g  1 Mar 2016
[.] Update OpenSSL shared libraries or rebuild stunnel
[.] Threading:FORK Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
[ ] errno: (*__errno_location ())
[.] Reading configuration from file /etc/stunnel/stunnel.conf
[.] FIPS mode disabled
[ ] Compression disabled
[ ] PRNG seeded successfully
[ ] Initializing service [pop3s]
[ ] Loading cert from file: /etc/pki/tls/certs/stunnel.pem
[ ] Loading key from file: /etc/pki/tls/private/stunnel.pem
[!] error queue: 140B0002: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
[!] error queue: 20074002: error:20074002:BIO routines:FILE_CTRL:system lib
[!] SSL_CTX_use_PrivateKey_file: 200100D: error:0200100D:system library:fopen:Permission denied
[!] Service [pop3s]: Failed to initialize SSL context
Comment 21 claire robinson 2016-03-02 17:32:08 CET
Needs some config, using https://bugs.mageia.org/show_bug.cgi?id=12943#c8 as a guide..
Comment 22 David Walser 2016-03-02 17:32:45 CET
Hopefully freeradius still works.
Comment 23 claire robinson 2016-03-02 17:39:02 CET
Edited /etc/stunnel/stunnel.conf - uncommented the https section and changed the 'accept' port it listens on to 4443 from 443.

Run as root

# stunnel
# netstat -pant | grep :4443
tcp   0    0 0.0.0.0:4443            0.0.0.0:*       LISTEN      16345/stunnel

Enough to show it is listening. Standard openssl tests complete without error too so adding the OK.

We'll need an advisory please, whoever is providing it.

Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK mga5-64-ok

Comment 24 David Walser 2016-03-02 17:54:20 CET
Advisory:
========================

Updated openssl packages fix security vulnerabilities:

Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from
Technion and Tel Aviv University, and Nadia Heninger from the University of
Pennsylvania discovered a side-channel attack which makes use of cache-bank
conflicts on the Intel Sandy-Bridge microarchitecture. This could allow local
attackers to recover RSA private keys (CVE-2016-0702).

Adam Langley from Google discovered a double free bug when parsing malformed
DSA private keys. This could allow remote attackers to cause a denial of
service or memory corruption in applications parsing DSA private keys
received from untrusted sources (CVE-2016-0705).

Guido Vranken discovered an integer overflow in the BN_hex2bn and BN_dec2bn
functions that can lead to a NULL pointer dereference and heap corruption.
This could allow remote attackers to cause a denial of service or memory
corruption in applications processing hex or dec data received from untrusted
sources (CVE-2016-0797).

Emilia Käsper of the OpenSSL development team discovered a memory leak in the
SRP database lookup code. To mitigate the memory leak, the seed handling in
SRP_VBASE_get_by_user is now disabled even if the user has configured a seed.
Applications are advised to migrate to the SRP_VBASE_get1_by_user function
(CVE-2016-0798).

Guido Vranken discovered an integer overflow in the BIO_*printf functions
that could lead to an OOB read when printing very long strings. Additionally
the internal doapr_outch function can attempt to write to an arbitrary memory
location in the event of a memory allocation failure. These issues will only
occur on platforms where sizeof(size_t) > sizeof(int) like many 64 bit
systems. This could allow remote attackers to cause a denial of service or
memory corruption in applications that pass large amounts of untrusted data
to the BIO_*printf functions (CVE-2016-0799).

Note that Mageia is not vulnerable to the DROWN issue, also known as
CVE-2016-0800, in its default configuration, as SSLv2 was disabled by
default in Mageia 5.  However, upstream mitigations for DROWN have also been
incorporated into this update, protecting systems that may have enabled it.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
http://openssl.org/news/secadv/20160301.txt
https://www.debian.org/security/2016/dsa-3500
Comment 25 claire robinson 2016-03-02 18:24:05 CET
Advisory uploaded. Holding off validating until it's been better tested against some applications.
claire robinson 2016-03-02 18:24:24 CET

Whiteboard: has_procedure MGA5-32-OK mga5-64-ok => has_procedure advisory MGA5-32-OK mga5-64-ok

Comment 26 claire robinson 2016-03-02 18:26:10 CET
I suppose anything from here would do the job

$ urpmq --whatrequires lib64openssl1.0.0
Comment 27 claire robinson 2016-03-02 18:36:00 CET
zoneminder, sslscan, owncloud-client all OK. Did you confirm freeradius?
Comment 28 David Walser 2016-03-02 18:37:41 CET
I've never actually used it (only been meaning to for 10+ years, but haven't gotten around to it).  It has been sensitive to openssl updates in the past.
Comment 29 claire robinson 2016-03-02 19:01:58 CET
Basics from here https://bugs.mageia.org/show_bug.cgi?id=8726#c2

Installed freeradius freeradius-mysql & lib64freeradius1

Commented make_cert_command = "${certdir}/bootstrap" in /etc/raddb/eap.conf

# radiusd -CX 

shows Configuration appears to be OK.

# systemctl start radiusd.service 
# systemctl status radiusd.service 
● radiusd.service - FreeRADIUS high performance RADIUS server.
   Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled)
   Active: active (running) since Wed 2016-03-02 17:59:19 GMT; 4s ago
  Process: 17480 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
  Process: 17478 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
 Main PID: 17483 (radiusd)
   CGroup: /system.slice/radiusd.service
           └─17483 /usr/sbin/radiusd -d /etc/raddb


# echo 'testing Cleartext-Password := "password"' >> /etc/raddb/users
# systemctl restart radiusd.service
# radtest testing password 127.0.0.1 0 testing123
Sending Access-Request of id 58 to 127.0.0.1 port 1812
        User-Name = "testing"
        User-Password = "password"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=58, length=20
Comment 30 claire robinson 2016-03-02 19:02:33 CET
Validating. Please push to 5 updates. Thanks.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 31 Mageia Robot 2016-03-02 19:30:38 CET
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0093.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

