Upstream has issued an advisory today (September 22):
https://www.openssl.org/news/secadv/20160922.txt

The issues are fixed upstream in 1.0.2i.

Debian has issued an advisory for this today:
https://www.debian.org/security/2016/dsa-3673
Updated packages uploaded for Mageia 5 and Cauldron.

Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Openssl

Advisory:
========================

Updated openssl packages fix security vulnerabilities:

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic (CVE-2016-2177).

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code (CVE-2016-2178).

Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS (CVE-2016-2179, CVE-2016-2181).

Shi Lei discovered an out-of-bounds memory read in TS_OBJ_print_bio() and an out-of-bounds write in BN_bn2dec() and MDC2_Update() (CVE-2016-2180, CVE-2016-2182, CVE-2016-6303).

DES-based cipher suites are demoted from the HIGH group to MEDIUM as a mitigation for the SWEET32 attack (CVE-2016-2183).

Shi Lei discovered that the use of SHA512 in TLS session tickets is susceptible to denial of service (CVE-2016-6302).

Shi Lei discovered that excessively large OCSP status request may result in denial of service via memory exhaustion (CVE-2016-6304).

Shi Lei discovered that missing message length validation when parsing certificates may potentially result in denial of service (CVE-2016-6306).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306
https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
https://www.debian.org/security/2016/dsa-3673
========================

Updated packages in core/updates_testing:
========================
openssl-1.0.2i-1.mga5
libopenssl-engines1.0.0-1.0.2i-1.mga5
libopenssl1.0.0-1.0.2i-1.mga5
libopenssl-devel-1.0.2i-1.mga5
libopenssl-static-devel-1.0.2i-1.mga5

from openssl-1.0.2i-1.mga5.src.rpm
Assignee: bugsquad => qa-bugs
Whiteboard: (none) => has_procedure
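The DES demotion listed in the advisory above (CVE-2016-2183) can be verified from the `openssl ciphers -v 'HIGH'` step of the test procedure. The script below is an added example, not part of this bug report or of the Mageia QA procedure; the function names are hypothetical and the two cipher listings are constructed samples in `openssl ciphers -v` format.

```shell
#!/bin/sh
# Added example: confirm that DES/3DES suites are no longer in the HIGH group
# (the CVE-2016-2183 / SWEET32 mitigation). Function names are hypothetical.

# Read `openssl ciphers -v` output on stdin and print the name of every
# suite whose Enc= column is single DES or 3DES.
des_suites() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i ~ /^Enc=3?DES\(/) { print $1; break }
    }'
}

# Exit status 0 if the listing on stdin has no DES-based suite, 1 otherwise.
high_is_clean() {
    found=$(des_suites)
    [ -z "$found" ] && return 0
    printf 'DES-based suites still in listing:\n%s\n' "$found" >&2
    return 1
}

# Constructed sample: a HIGH listing as it would look before the demotion.
sample_before() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
EOF
}

# Constructed sample: the same listing with the 3DES suites moved out of HIGH.
sample_after() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EOF
}

# Demo on the constructed data; on a test machine use instead:
#   openssl ciphers -v 'HIGH' | high_is_clean
sample_before | high_is_clean 2>/dev/null || echo "before: DES-based suites present in HIGH"
sample_after  | high_is_clean && echo "after: HIGH contains no DES-based suites"
```

Running the same filter over `openssl ciphers -v 'MEDIUM'` on an updated system shows where the 3DES suites went.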
*** Bug 18661 has been marked as a duplicate of this bug. ***
There was a regression in 1.0.2i, fixed in 1.0.2j:
https://www.openssl.org/news/secadv/20160926.txt

Updated packages in core/updates_testing:
========================
openssl-1.0.2j-1.mga5
libopenssl-engines1.0.0-1.0.2j-1.mga5
libopenssl1.0.0-1.0.2j-1.mga5
libopenssl-devel-1.0.2j-1.mga5
libopenssl-static-devel-1.0.2j-1.mga5

from openssl-1.0.2j-1.mga5.src.rpm
Testing M5-64

# urpmi apache-mod_ssl
# systemctl restart httpd.service

apache-mod_ssl-2.4.10-16.4.mga5
lib64openssl1.0.0-1.0.2j-1.mga5
lib64openssl-devel-1.0.2j-1.mga5
lib64openssl-engines1.0.0-1.0.2j-1.mga5
openssl-1.0.2j-1.mga5

Used the procedure https://wiki.mageia.org/en/QA_procedure:Openssl cross-referenced to https://bugs.mageia.org/show_bug.cgi?id=18341#c9

# openssl version -a
OpenSSL 1.0.2j 26 Sep 2016
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) rc4(8x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS etc etc
engines: dynamic

# openssl ciphers -v
outputs
CC: (none) => lewyssmith
[continued] ... a *long* list.

# openssl ciphers -v -tls1
# openssl ciphers -v 'HIGH'
# openssl ciphers -v 'AES+HIGH'
all output long lists.

# openssl speed
Doing mdc2 for 3s on 16 size blocks: 1523544 mdc2's in 3.00s
Doing mdc2 for 3s on 64 size blocks: 407943 mdc2's in 3.00s
Doing mdc2 for 3s on 256 size blocks: 103829 mdc2's in 2.99s
Doing mdc2 for 3s on 1024 size blocks: 26024 mdc2's in 3.00s
Doing mdc2 for 3s on 8192 size blocks: 3261 mdc2's in 3.00s
etc etc to
163 bit ecdh (nistb163) 0.0020s 508.3
233 bit ecdh (nistb233) 0.0027s 366.3
283 bit ecdh (nistb283) 0.0063s 159.4
409 bit ecdh (nistb409) 0.0142s 70.6
571 bit ecdh (nistb571) 0.0311s 32.1
outputs a large amount of results, and takes forever.

# openssl speed rsa -multi 2
Forked child 0
Forked child 1
+DTP:512:private:rsa:10
+DTP:512:private:rsa:10
etc etc to
rsa 512 bits 0.000225s 0.000018s 4449.4 54887.2
rsa 1024 bits 0.000927s 0.000040s 1078.7 24961.2
rsa 2048 bits 0.005252s 0.000147s 190.4 6805.6
rsa 4096 bits 0.036209s 0.000545s 27.6 1834.9

[Start the server]
# openssl s_server -cert /etc/pki/tls/certs/httpd.pem -key /etc/pki/tls/private/httpd.pem -www
Using default temp DH parameters
ACCEPT
140121275352720:error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
ACCEPT
? Is the error acceptable?

From a different terminal...
[as per the cross-referenced tests]
# openssl s_time -connect localhost:443
No CIPHER specified
Collecting connection statistics for 30 seconds
********************************************************************************
et seq to
2488 connections in 4.95s; 502.63 connections/user sec, bytes read 0
2488 connections in 31 real seconds, 0 bytes read per connection

Now timing with session id reuse.
starting
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
et seq to
10966 connections in 5.61s; 1954.72 connections/user sec, bytes read 0
10966 connections in 31 real seconds, 0 bytes read per connection

[as per the Wiki procedure]
# openssl s_time -connect localhost:4433 -www / -new -ssl3
No CIPHER specified
Collecting connection statistics for 30 seconds
ERROR
140352903718544:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1487:SSL alert number 40
[Same error using port number 443]
Does this failure matter?

This is mostly OK, but I would prefer feedback on the two errors noted before OK'ing it. Other x64 testers can concentrate on those 2 issues.
The insecure SSLv3 protocol has been disabled, you shouldn't be using that.
(In reply to David Walser from comment #6)
> The insecure SSLv3 protocol has been disabled, you shouldn't be using that.

David: I did not do so consciously. It is true that both errors were ssl3 related. Can you advise what fiddling I can do to re-do the error tests without it? TIA
Look at the command you executed. You specifically requested SSLv3.
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
openssl apache-mod_ssl

default install of openssl

Start ssl server:
[root@localhost wilcal]# openssl s_server -cert /etc/pki/tls/certs/httpd.pem -key /etc/pki/tls/private/httpd.pem -www
Using default temp DH parameters
ACCEPT
server starts

[root@localhost wilcal]# urpmi openssl
Package openssl-1.0.2h-1.mga5.i586 is already installed
Marking openssl as manually installed, it won't be auto-orphaned
writing /var/lib/rpm/installed-through-deps.list
[root@localhost wilcal]# urpmi apache-mod_ssl
Package apache-mod_ssl-2.4.10-16.4.mga5.i586 is already installed

[root@localhost wilcal]# openssl version -a
OpenSSL 1.0.2h 3 May 2016
built on: reproducible build, date unspecified
platform: linux-elf
options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) blowfish(idx)......

[root@localhost wilcal]# openssl ciphers -v
[root@localhost wilcal]# openssl ciphers -v -tls1
[root@localhost wilcal]# openssl ciphers -v 'HIGH'
[root@localhost wilcal]# openssl ciphers -v 'AES+HIGH'
[root@localhost wilcal]# openssl speed
all work

From another system on the LAN in a terminal:
[root@localhost wilcal]# openssl s_time -connect 192.168.1.143:443
No CIPHER specified
Collecting connection statistics for 30 seconds
*************************************************......***********************
3263 connections in 1.45s; 2250.34 connections/user sec, bytes read 0
3263 connections in 31 real seconds, 0 bytes read per connection

From another system on the LAN, test system is at 192.168.143:
[wilcal@localhost ~]$ openssl s_client -connect 192.168.1.143:443
CONNECTED(00000003)
depth=0 CN = localhost.localdomain, OU = default httpd cert for localhost.localdomain, emailAddress = root@localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost.localdomain, OU = default httpd cert for localhost.localdomain, emailAddress = root@localhost.localdomain
verify return:1
---
Certificate chain...........
Negotiates certs and keys.

install openssl from updates_testing

Start ssl server:
[root@localhost wilcal]# openssl s_server -cert /etc/pki/tls/certs/httpd.pem -key /etc/pki/tls/private/httpd.pem -www
Using default temp DH parameters
ACCEPT
server starts

[root@localhost wilcal]# urpmi openssl
Package openssl-1.0.2j-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi apache-mod_ssl
Package apache-mod_ssl-2.4.10-16.4.mga5.i586 is already installed

[root@localhost wilcal]# openssl version -a
OpenSSL 1.0.2j 26 Sep 2016
built on: reproducible build, date unspecified
platform: linux-elf
options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) blowfish(idx).......

[root@localhost wilcal]# openssl ciphers -v
[root@localhost wilcal]# openssl ciphers -v -tls1
[root@localhost wilcal]# openssl ciphers -v 'HIGH'
[root@localhost wilcal]# openssl ciphers -v 'AES+HIGH'
[root@localhost wilcal]# openssl speed
all work

From another system on the LAN in a terminal:
[root@localhost wilcal]# openssl s_time -connect 192.168.1.143:443
No CIPHER specified
Collecting connection statistics for 30 seconds
****************************************************........******************
3275 connections in 1.37s; 2390.51 connections/user sec, bytes read 0
3275 connections in 31 real seconds, 0 bytes read per connection

From another system on the LAN, test system is at 192.168.143:
[wilcal@localhost ~]$ openssl s_client -connect 192.168.1.143:443
CONNECTED(00000003)
depth=0 CN = localhost.localdomain, OU = default httpd cert for localhost.localdomain, emailAddress = root@localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
---
Certificate chain.........
Negotiates certs and keys.
CC: (none) => wilcal.int
In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
openssl apache-mod_ssl

default install of openssl

Start ssl server:
[root@localhost wilcal]# openssl s_server -cert /etc/pki/tls/certs/httpd.pem -key /etc/pki/tls/private/httpd.pem -www
Using default temp DH parameters
ACCEPT
server starts

[root@localhost wilcal]# urpmi openssl
Package openssl-1.0.2h-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi apache-mod_ssl
Package apache-mod_ssl-2.4.10-16.4.mga5.x86_64 is already installed

[root@localhost wilcal]# openssl version -a
OpenSSL 1.0.2h 3 May 2016
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)......

[root@localhost wilcal]# openssl ciphers -v
[root@localhost wilcal]# openssl ciphers -v -tls1
[root@localhost wilcal]# openssl ciphers -v 'HIGH'
[root@localhost wilcal]# openssl ciphers -v 'AES+HIGH'
[root@localhost wilcal]# openssl speed
all work

From another system on the LAN in a terminal:
[root@localhost wilcal]# openssl s_time -connect 192.168.1.141:443
No CIPHER specified
Collecting connection statistics for 30 seconds
*******************************************.........***************************
8949 connections in 3.84s; 2330.47 connections/user sec, bytes read 0
8949 connections in 31 real seconds, 0 bytes read per connection

From another system on the LAN, test system is at 192.168.141:
[root@localhost wilcal]# openssl s_client -connect 192.168.1.141:443
CONNECTED(00000003)
depth=0 CN = localhost.localdomain, OU = default httpd cert for localhost.localdomain, emailAddress = root@localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost.localdomain, OU = default httpd cert for localhost.localdomain, emailAddress = root@localhost.localdomain
verify return:1
---
Certificate chain...........
Negotiates certs and keys.

install openssl from updates_testing

Start ssl server:
[root@localhost wilcal]# openssl s_server -cert /etc/pki/tls/certs/httpd.pem -key /etc/pki/tls/private/httpd.pem -www
Using default temp DH parameters
ACCEPT
server starts

[root@localhost wilcal]# urpmi openssl
Package openssl-1.0.2j-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi apache-mod_ssl
Package apache-mod_ssl-2.4.10-16.4.mga5.i586 is already installed

[root@localhost wilcal]# openssl version -a
OpenSSL 1.0.2j 26 Sep 2016
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx).......

[root@localhost wilcal]# openssl ciphers -v
[root@localhost wilcal]# openssl ciphers -v -tls1
[root@localhost wilcal]# openssl ciphers -v 'HIGH'
[root@localhost wilcal]# openssl ciphers -v 'AES+HIGH'
[root@localhost wilcal]# openssl speed
all work

From another system on the LAN in a terminal:
[root@localhost wilcal]# openssl s_time -connect 192.168.1.141:443
No CIPHER specified
Collecting connection statistics for 30 seconds
************************************************......******************
8817 connections in 3.78s; 2332.54 connections/user sec, bytes read 0
8817 connections in 31 real seconds, 0 bytes read per connection

From another system on the LAN, test system is at 192.168.141:
[root@localhost wilcal]# openssl s_client -connect 192.168.1.141:443
CONNECTED(00000003)
depth=0 CN = localhost.localdomain, OU = default httpd cert for localhost.localdomain, emailAddress = root@localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost.localdomain, OU = default httpd cert for localhost.localdomain, emailAddress = root@localhost.localdomain
verify return:1
---
Certificate chain
Negotiates certs and keys.
(In reply to David Walser from comment #8)
> Look at the command you executed. You specifically requested SSLv3.

Comment 5: I see what you mean - for the second ERROR:
# openssl s_time -connect localhost:4433 -www / -new -ssl3
No CIPHER specified
Collecting connection statistics for 30 seconds
ERROR
140352903718544:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1487:SSL alert number 40

I was following the Wiki procedure. But for the 1st error?
# openssl s_server -cert /etc/pki/tls/certs/httpd.pem -key /etc/pki/tls/private/httpd.pem -www
Using default temp DH parameters
ACCEPT
140121275352720:error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
ACCEPT [which suggests it does not matter]

@Bill: thanks for your more comprehensive testing.

Since Bill did not get my 1st error, and has re-done the tests (& better), I am OK'ing this both architectures on his behalf; and validating the update. Advisory to follow.
Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs
(In reply to Lewis Smith from comment #11)
> (In reply to David Walser from comment #8)
> > Look at the command you executed. You specifically requested SSLv3.
> Comment 5: I see what you mean - for the second ERROR:
> # openssl s_time -connect localhost:4433 -www / -new -ssl3
> No CIPHER specified
> Collecting connection statistics for 30 seconds
> ERROR
> 140352903718544:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
> handshake failure:s3_pkt.c:1487:SSL alert number 40
>
> I was following the Wiki procedure. But for the 1st error?
> # openssl s_server -cert /etc/pki/tls/certs/httpd.pem -key
> /etc/pki/tls/private/httpd.pem -www
> Using default temp DH parameters
> ACCEPT
> 140121275352720:error:1408A10B:SSL routines:ssl3_get_client_hello:wrong
> version number:s3_srvr.c:960:
> ACCEPT [which suggests it does not matter]
>
> @Bill: thanks for your more comprehensive testing.
>
> Since Bill did not get my 1st error, and has re-done the tests (& better), I
> am OK'ing this both architectures on his behalf; and validating the update.
> Advisory to follow.

Lewis, I don't believe you get that error from the s_server command, but from the s_time command that follows it. Just don't specify -ssl3 there and it works fine.
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0338.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
This update also fixed CVE-2016-7056 and CVE-2016-8610: https://lwn.net/Vulnerabilities/713046/