Bug 17859 - openssl security issues (CVE-2016-0702, CVE-2016-0705, CVE-2016-079[7-9], CVE-2016-0800)
Summary: openssl security issues (CVE-2016-0702, CVE-2016-0705, CVE-2016-079[7-9], CVE...
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/678143/
Whiteboard: has_procedure advisory MGA5-32-OK mga...
Keywords: validated_update
Depends on:
Reported: 2016-03-01 19:07 CET by Thomas Backlund
Modified: 2016-03-02 19:30 CET (History)
3 users (show)

See Also:
Source RPM: openssl
Status comment:


Description Thomas Backlund 2016-03-01 19:07:51 CET
Openssl updated to 1.0.2g for:

o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
o Disable SSLv2 default build, default negotiation and weak ciphers
o Fix a double-free in DSA code (CVE-2016-0705)
o Disable SRP fake user seed to address a server memory leak
o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
o Fix side channel attack on modular exponentiation (CVE-2016-0702)

I'll provide better advisory soon-ish

Updated packages currently building, heading to core/updates_testing:

from openssl-1.0.2g-1.mga5.src.rpm
Comment 2 claire robinson 2016-03-01 20:22:10 CET
Testing complete mga5 64

# openssl speed
Doing mdc2 for 3s on 16 size blocks: 1421396 mdc2's in 3.00s
Doing mdc2 for 3s on 64 size blocks: 391905 mdc2's in 3.00s
Doing mdc2 for 3s on 256 size blocks: 100194 mdc2's in 3.00s
..etc (takes ages to complete)
....not yet
...almost there
..and eventually
Doing 409 bit  ecdh's for 10s: 5909 409-bit ECDH ops in 10.01s
Doing 571 bit  ecdh's for 10s: 2432 571-bit ECDH ops in 10.00s
OpenSSL 1.0.2g  1 Mar 2016
built on: reproducible build, date unspecified
...etc with no errors.

meanwhile, in another terminal tab..

$ openssl s_time -connect <--- Server with apache (httpd) running
No CIPHER specified
Collecting connection statistics for 30 seconds

5260 connections in 4.07s; 1292.38 connections/user sec, bytes read 0
5260 connections in 31 real seconds, 0 bytes read per connection

Now timing with session id reuse.

10779 connections in 1.97s; 5471.57 connections/user sec, bytes read 0
10779 connections in 31 real seconds, 0 bytes read per connection

Whiteboard: has_procedure => has_procedure mga5-64-ok

Comment 3 David Walser 2016-03-01 20:53:04 CET
openssl s_time -connect test gives at the end of the two sections:

500 connections in 0.97s; 515.46 connections/user sec, bytes read 0
500 connections in 31 real seconds, 0 bytes read per connection

4678 connections in 0.73s; 6408.22 connections/user sec, bytes read 0
4678 connections in 31 real seconds, 0 bytes read per connection

openssl speed (ironic command name) ends with:

OpenSSL 1.0.2g  1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM

followed by a table of speeds.

Testing complete, Mageia 5 i586.

Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok

Comment 4 David Walser 2016-03-01 20:55:05 CET
and it breaks mgarepo.

Traceback (most recent call last):
  File "/usr/bin/mgarepo", line 93, in <module>
    do_command(parse_options, dispatch_command)
  File "/usr/lib/python2.7/site-packages/MgaRepo/command.py", line 39, in do_command
  File "/usr/bin/mgarepo", line 76, in dispatch_command
    repsys_module = __import__("MgaRepo.commands."+command)
  File "/usr/lib/python2.7/site-packages/MgaRepo/commands/co.py", line 4, in <module>
    from MgaRepo.rpmutil import checkout
  File "/usr/lib/python2.7/site-packages/MgaRepo/rpmutil.py", line 3, in <module>
    from MgaRepo import mirror, layout, log, binrepo
  File "/usr/lib/python2.7/site-packages/MgaRepo/mirror.py", line 6, in <module>
    from MgaRepo import Error, config, layout
  File "/usr/lib/python2.7/site-packages/MgaRepo/layout.py", line 7, in <module>
    from MgaRepo.svn import SVN
  File "/usr/lib/python2.7/site-packages/MgaRepo/svn.py", line 2, in <module>
    from MgaRepo.util import execcmd, get_auth
  File "/usr/lib/python2.7/site-packages/MgaRepo/util.py", line 12, in <module>
    import httplib2
  File "/usr/lib/python2.7/site-packages/httplib2/__init__.py", line 921, in <module>
    class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
AttributeError: 'module' object has no attribute 'HTTPSConnection'

Whiteboard: has_procedure mga5-32-ok mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok feedback

Comment 5 David Walser 2016-03-01 21:05:54 CET
Some Googling suggests this is an ABI breakage and python, specifically this file:

would need rebuilding to fix this, but I'm thinking maybe the ABI breakage wasn't intended, or maybe it's necessitated by the SSLv2 removal, as this message suggests:

CC: (none) => makowski.mageia

Comment 6 David Walser 2016-03-01 23:57:19 CET
Indeed, the ABI is missing some symbols, which is breaking things that call SSLv2 functions.  In Cauldron, people have already noted that python3 and qtnetwork are also broken.
Thomas Backlund 2016-03-02 08:55:45 CET

Blocks: (none) => 17862

Comment 7 Thomas Backlund 2016-03-02 08:59:44 CET
Yeah, also stunnel... I wonder what the best way out of this is...

maybe restoring ABI but blocking the calls or just rebuild stuff we know depend on it (can become a long list) and wait for the fallout of "less known package breakages" ...

wonder what upstream and other distros plans to do...
Comment 8 Oden Eriksson 2016-03-02 09:10:52 CET
These symbols are missing:


CC: (none) => oe
Blocks: 17862 => (none)

Comment 9 Oden Eriksson 2016-03-02 09:11:35 CET
RHEL6 updates solved this differently.
Comment 10 Thomas Backlund 2016-03-02 09:18:22 CET
Looking at Fedora they list 397 packages needing rebuild :)
Comment 11 Thomas Backlund 2016-03-02 10:06:31 CET
I've re-enabled ssl2 tu unbreak ABI.

According to this commit:

openssl should still be safe / not vulnerable to the DROWN attack
Comment 12 Thomas Backlund 2016-03-02 10:06:48 CET
(to be verified)
Comment 13 Thomas Backlund 2016-03-02 11:13:50 CET
New rounds of tests for:


from :


Whiteboard: has_procedure mga5-32-ok mga5-64-ok feedback => has_procedure

Comment 14 David Walser 2016-03-02 14:21:42 CET
Actually for Cauldron we should disable SSLv2 and rebuild things.  Pascal has the umeabot ready to go for that.  Debian has already done it a while ago.  For us, there's no better time than the present.
Comment 15 Thomas Backlund 2016-03-02 14:26:46 CET
Yeah, I thought about that after enabling it... it's the sane thing to do.
For mga5 we will keep ssl2 to minimize breakage, but lets do it for cauldron

I dont have access to my ssh host now, so feel free disable it again and start the rebuild process...
Comment 16 David Walser 2016-03-02 14:55:07 CET
FYI, according to this article:

we're also not vulnerable to DROWN / CVE-2016-0800 in our default configuration either, because before Mageia 5's release, I added the same patch Fedora used to disable SSLv2 and SSLv3.
Comment 17 David Walser 2016-03-02 15:20:56 CET
Ran the same tests as before.  459 and 4561 connections for s_time and the speed test looks pretty much the same.  mgarepo still works :D

Whiteboard: has_procedure => has_procedure MGA5-32-OK

Comment 18 claire robinson 2016-03-02 17:00:37 CET
Re-testing mga5 64. Good catch David. We should add some application to test as part of the procedure.
Comment 19 David Walser 2016-03-02 17:03:56 CET
(In reply to claire robinson from comment #18)
> Re-testing mga5 64. Good catch David. We should add some application to test
> as part of the procedure.

I guess stunnel would work, since we've tested that before.
Comment 20 claire robinson 2016-03-02 17:29:49 CET

$ stunnel
[.] stunnel 5.03 on x86_64-mageia-linux-gnu platform
[.] Compiled with OpenSSL 1.0.2d 9 Jul 2015
[.] Running  with OpenSSL 1.0.2g  1 Mar 2016
[.] Update OpenSSL shared libraries or rebuild stunnel
[ ] errno: (*__errno_location ())
[.] Reading configuration from file /etc/stunnel/stunnel.conf
[.] FIPS mode disabled
[ ] Compression disabled
[ ] PRNG seeded successfully
[ ] Initializing service [pop3s]
[ ] Loading cert from file: /etc/pki/tls/certs/stunnel.pem
[ ] Loading key from file: /etc/pki/tls/private/stunnel.pem
[!] error queue: 140B0002: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
[!] error queue: 20074002: error:20074002:BIO routines:FILE_CTRL:system lib
[!] SSL_CTX_use_PrivateKey_file: 200100D: error:0200100D:system library:fopen:Permission denied
[!] Service [pop3s]: Failed to initialize SSL context
Comment 21 claire robinson 2016-03-02 17:32:08 CET
Needs some config, using https://bugs.mageia.org/show_bug.cgi?id=12943#c8 as a guide..
Comment 22 David Walser 2016-03-02 17:32:45 CET
Hopefully freeradius still works.
Comment 23 claire robinson 2016-03-02 17:39:02 CET
Edited /etc/stunnel/stunnel.conf - uncommented the https section and changed the 'accept' port it listens on to 4443 from 443.

Run as root

# stunnel
# netstat -pant | grep :4443
tcp   0    0  *       LISTEN      16345/stunnel

Enough to show it is listening. Standard openssl tests complete without error too so adding the OK.

We'll need an advisory please, whoever is providing it.

Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK mga5-64-ok

Comment 24 David Walser 2016-03-02 17:54:20 CET

Update openssl packages fix security vulnerabilities:

Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from
Technion and Tel Aviv University, and Nadia Heninger from the University of
Pennsylvania discovered a side-channel attack which makes use of cache-bank
conflicts on the Intel Sandy-Bridge microarchitecture. This could allow local
attackers to recover RSA private keys (CVE-2016-0702).

Adam Langley from Google discovered a double free bug when parsing malformed
DSA private keys. This could allow remote attackers to cause a denial of
service or memory corruption in applications parsing DSA private keys
received from untrusted sources (CVE-2016-0705).

Guido Vranken discovered an integer overflow in the BN_hex2bn and BN_dec2bn
functions that can lead to a NULL pointer dereference and heap corruption.
This could allow remote attackers to cause a denial of service or memory
corruption in applications processing hex or dec data received from untrusted
sources (CVE-2016-0797).

Emilia Käsper of the OpenSSL development team discovered a memory leak in the
SRP database lookup code. To mitigate the memory leak, the seed handling in
SRP_VBASE_get_by_user is now disabled even if the user has configured a seed.
Applications are advised to migrate to the SRP_VBASE_get1_by_user function

Guido Vranken discovered an integer overflow in the BIO_*printf functions
that could lead to an OOB read when printing very long strings. Additionally
the internal doapr_outch function can attempt to write to an arbitrary memory
location in the event of a memory allocation failure. These issues will only
occur on platforms where sizeof(size_t) > sizeof(int) like many 64 bit
systems. This could allow remote attackers to cause a denial of service or
memory corruption in applications that pass large amounts of untrusted data
to the BIO_*printf functions (CVE-2016-0799).

Note that Mageia is not vulnerable to the DROWN issue, also known as
CVE-2016-0800, in its default configuration, as SSLv2 was disabled by
default in Mageia 5.  However, upstream mitigations for DROWN have also been
incorporated into this update, protecting systems that may have enabled it.

Comment 25 claire robinson 2016-03-02 18:24:05 CET
Advisory uploaded. Holding off validating until it's been better tested against some applications.
claire robinson 2016-03-02 18:24:24 CET

Whiteboard: has_procedure MGA5-32-OK mga5-64-ok => has_procedure advisory MGA5-32-OK mga5-64-ok

Comment 26 claire robinson 2016-03-02 18:26:10 CET
I suppose anything from here would do the job

$ urpmq --whatrequires lib64openssl1.0.0
Comment 27 claire robinson 2016-03-02 18:36:00 CET
zoneminder, sslscan, owncloud-client all OK. Did you confirm freeradius?
Comment 28 David Walser 2016-03-02 18:37:41 CET
I've never actually used it (only been meaning to for 10+ years, but haven't gotten around to it).  It has been sensitive to openssl updates in the past.
Comment 29 claire robinson 2016-03-02 19:01:58 CET
Basics from here https://bugs.mageia.org/show_bug.cgi?id=8726#c2

Installed freeradius freeradius-mysql & lib64freeradius1

Commented make_cert_command = "${certdir}/bootstrap" in /etc/raddb/eap.conf

# radiusd -CX 

shows Configuration appears to be OK.

# systemctl start radiusd.service 
# systemctl status radiusd.service 
â radiusd.service - FreeRADIUS high performance RADIUS server.
   Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled)
   Active: active (running) since Wed 2016-03-02 17:59:19 GMT; 4s ago
  Process: 17480 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
  Process: 17478 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
 Main PID: 17483 (radiusd)
   CGroup: /system.slice/radiusd.service
           ââ17483 /usr/sbin/radiusd -d /etc/raddb

# echo 'testing Cleartext-Password := "password"' >> /etc/raddb/users
# systemctl restart radiusd.service
# radtest testing password 0 testing123
Sending Access-Request of id 58 to port 1812
        User-Name = "testing"
        User-Password = "password"
        NAS-IP-Address =
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host port 1812, id=58, length=20
Comment 30 claire robinson 2016-03-02 19:02:33 CET
Validating. Please push to 5 updates. Thanks.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 31 Mageia Robot 2016-03-02 19:30:38 CET
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.