Bug 19501 - ruby new security issue CVE-2016-7798
Summary: ruby new security issue CVE-2016-7798
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/703466/
Whiteboard: has_procedure MGA5-64-OK advisory MGA...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-10-01 16:25 CEST by David Walser
Modified: 2016-10-13 19:57 CEST (History)
4 users (show)

See Also:
Source RPM: ruby-2.2.5-14.mga6.src.rpm
CVE:
Status comment:


Attachments
updated test_cipher.rb verifying the fix (7.44 KB, text/plain)
2016-10-03 23:13 CEST, Pascal Terjan
Details
self contained test_cipher.rb verifying the fix (31.56 KB, text/plain)
2016-10-09 01:53 CEST, Pascal Terjan
Details
updated self contained test_cipher.rb verifying the fix (31.58 KB, text/plain)
2016-10-10 01:13 CEST, Pascal Terjan
Details

Description David Walser 2016-10-01 16:25:24 CEST
A CVE has been assigned for a security issue fixed upstream in ruby-openssl:
http://openwall.com/lists/oss-security/2016/10/01/2

ruby-openssl is bundled in the ruby package.  The commit to fix the issue is linked in the message above.  I took a quick look and it appears that the patch would need significant work to rediff for the version we have.

I also noticed that ruby-net-ssh and jruby have an openssl.rb which may also contain the affected code.
David Walser 2016-10-01 16:25:36 CEST

Whiteboard: (none) => MGA5TOO

Pascal Terjan 2016-10-03 22:25:01 CEST

Status: NEW => ASSIGNED

Comment 1 Pascal Terjan 2016-10-03 23:04:50 CEST
ruby-2.0.0.p648-1.1.mga5 is available in updates_testing, I'll look at the rest and provide testing instructions.
Comment 2 Pascal Terjan 2016-10-03 23:13:21 CEST
Created attachment 8486 [details]
updated test_cipher.rb verifying the fix

Validation is done by running the new test_cipher.rb which I am attaching here for convenience.
With the old ruby it reports 2 errors, while it passes with the new one.
As it gets run during build, I am not sure there is more to verify.
Comment 3 Pascal Terjan 2016-10-03 23:24:50 CEST
ruby-net-ssh's openssl.rb loads the shared openssl.rb from ruby package.

jruby's openssl.rb loads a java implementation (jopenssl.jar) which is unlikely to have a similar bug.
Comment 4 Pascal Terjan 2016-10-09 01:53:16 CEST
To verify the fix, run the attached test_cipher.rb (ruby test_cipher.rb). Without the fix you should get 2 failures, with the fix you should get all tests passing.

Suggested advisory:
========================

Updated ruby packages fix a security vulnerability:

A bug in openssl module caused using an all 0 IV for AES-GCM ciphers in some cases (when setting a key, an iv, and then setting a key a again (CVE-2016-7798).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
https://github.com/ruby/openssl/issues/49
========================

Updated packages in core/updates_testing:
========================
lib(64)ruby2.0-2.0.0.p648-1.1.mga5
ruby-2.0.0.p648-1.1.mga5
ruby-devel-2.0.0.p648-1.1.mga5
ruby-doc-2.0.0.p648-1.1.mga5
ruby-irb-2.0.0.p648-1.1.mga5
ruby-tk-2.0.0.p648-1.1.mga5

Source RPMs: 
ruby-2.0.0.p648-1.1.mga5.src.rpm
Comment 5 Pascal Terjan 2016-10-09 01:53:57 CEST
Created attachment 8509 [details]
self contained test_cipher.rb verifying the fix

Attachment 8486 is obsolete: 0 => 1

Pascal Terjan 2016-10-09 01:56:17 CEST

Assignee: pterjan => qa-bugs

Comment 6 Nicolas Lécureuil 2016-10-09 09:54:18 CEST
test for mga5-64:

test w/o the fix:
17 tests, 237 assertions, 2 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
88.2353% passed

test w the fix: 


$ ruby test_cipher.rb 
Loaded suite test_cipher
Started
............F
===============================================================================
Failure:
test_empty_data(OpenSSL::TestCipher)
test_cipher.rb:824:in `test_empty_data'
     821: 
     822:   def test_empty_data
     823:     @c1.encrypt
  => 824:     assert_raise(ArgumentError){ @c1.update("") }
     825:   end
     826: 
     827:   def test_initialize

<ArgumentError> expected but was
<OpenSSL::Cipher::CipherError(<key not set>)>

diff:
? Argument                  Error               
? Op     SSL::Cipher::Cipher     (<key not set>)
===============================================================================
....

Finished in 0.038256731 seconds.

17 tests, 238 assertions, 1 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
94.1176% passed

444.37 tests/s, 6221.13 assertions/s

CC: (none) => mageia

Comment 7 Nicolas Lécureuil 2016-10-09 09:55:10 CEST
test w/o  the fix:

$ ruby test_cipher.rb                                                                                                                  
Loaded suite test_cipher                                                                                                                                     
Started
..F
===============================================================================
Failure:
test_aes_gcm_key_iv_order_issue(OpenSSL::TestCipher)
test_cipher.rb:991:in `test_aes_gcm_key_iv_order_issue'
     988:       ct2 = cipher.update(pt) << cipher.final
     989:       tag2 = cipher.auth_tag
     990: 
  => 991:       assert_equal ct1, ct2
     992:       assert_equal tag1, tag2
     993:     end if has_cipher?("aes-128-gcm")
     994:   end
<"$\xF8\x17\xCC\xF6\x04\x15\x02^\xBCb\xC4Q*\x0E\xCF\x1E\xA1P\b\xD1\x9C\xF5\xD5\x8A%\xF2\x16I\x11\xC7\v\x9F\xCE\xC1\xA5$\x0F\"W3\xFC\xDA\xE0"> expected but was
<"\xE0{\xD8\xB9\x90\xFB\fL\e\xE2\v\xA2\xDCd\xECkOA\x18l\xFE\xBF\x0Es \xC6\x960w\xF0\xB8H\xFD\x03.ELR\x9C\xE8\x9A\xEA\xF7\xD6">

diff:
? $���^�b�Q*        ���         ��Õ%�I�
                                       ���$"W3���
? �{ع��
       L
        ��d�kOAâl�� s Æ0w��H�.ELR �����                 
===============================================================================
.............F
===============================================================================
Failure: <OpenSSL::Cipher::CipherError> exception expected but none was thrown.
test_update_raise_if_key_not_set(OpenSSL::TestCipher)
test_cipher.rb:873:in `test_update_raise_if_key_not_set'
     870:     end
     871: 
     872:     def test_update_raise_if_key_not_set
  => 873:       assert_raise(OpenSSL::Cipher::CipherError) do
     874:         # it caused OpenSSL SEGV by uninitialized key [Bug #2768]
     875:         OpenSSL::Cipher::AES128.new("ECB").update "." * 17
     876:       end
===============================================================================


Finished in 0.05533721 seconds.

17 tests, 237 assertions, 2 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
88.2353% passed

307.21 tests/s, 4282.83 assertions/s
Nicolas Lécureuil 2016-10-09 10:36:29 CEST

Version: Cauldron => 5

Nicolas Lécureuil 2016-10-09 11:18:03 CEST

Whiteboard: MGA5TOO => MGA5TOO has_procedure

Comment 8 Len Lawrence 2016-10-09 11:25:05 CEST
Confirmed the one failure after the update on x86_64.

CC: (none) => tarazed25

Comment 9 Pascal Terjan 2016-10-09 11:35:57 CEST
Sorry about that, this failure makes sense as it now detects there is no key before even noticing there is no data so it shows the fix is working and the test should be updated to set a key.

I wonder why it did not happen during the build :(

CC: (none) => pterjan

Comment 10 Pascal Terjan 2016-10-09 11:44:12 CEST
Hmm it seems running "make check" runs much more tests (about 16 thousand more) than "make test" called in the package and finds a few more broken ones due to other patches (18 failures in total, mostly about gems)...

Assignee: qa-bugs => pterjan

David Walser 2016-10-09 19:42:37 CEST

Whiteboard: MGA5TOO has_procedure => has_procedure

Comment 11 Pascal Terjan 2016-10-10 01:13:34 CEST
Created attachment 8511 [details]
updated self contained test_cipher.rb verifying the fix

Attachment 8509 is obsolete: 0 => 1

Comment 12 Pascal Terjan 2016-10-10 01:14:20 CEST
I updated the test, but now working on cauldron package to make sure we run all tests at build time and fix some of them.
Comment 13 Nicolas Lécureuil 2016-10-10 09:45:33 CEST
with current ruby:

$ ruby test_cipher.rb
Loaded suite test_cipher
Started
..F
===============================================================================
Failure:
test_aes_gcm_key_iv_order_issue(OpenSSL::TestCipher)
test_cipher.rb:992:in `test_aes_gcm_key_iv_order_issue'
     989:       ct2 = cipher.update(pt) << cipher.final
     990:       tag2 = cipher.auth_tag
     991: 
  => 992:       assert_equal ct1, ct2
     993:       assert_equal tag1, tag2
     994:     end if has_cipher?("aes-128-gcm")
     995:   end
<"$\xF8\x17\xCC\xF6\x04\x15\x02^\xBCb\xC4Q*\x0E\xCF\x1E\xA1P\b\xD1\x9C\xF5\xD5\x8A%\xF2\x16I\x11\xC7\v\x9F\xCE\xC1\xA5$\x0F\"W3\xFC\xDA\xE0"> expected but was
<"\xE0{\xD8\xB9\x90\xFB\fL\e\xE2\v\xA2\xDCd\xECkOA\x18l\xFE\xBF\x0Es \xC6\x960w\xF0\xB8H\xFD\x03.ELR\x9C\xE8\x9A\xEA\xF7\xD6">

diff:
? $���^�b�Q*        ���         ��Õ%�I�
                                       ���$"W3���
? �{ع��
       L
        ��d�kOAâl�� s Æ0w��H�.ELR �����                 
===============================================================================
.............F
===============================================================================
Failure: <OpenSSL::Cipher::CipherError> exception expected but none was thrown.
test_update_raise_if_key_not_set(OpenSSL::TestCipher)
test_cipher.rb:874:in `test_update_raise_if_key_not_set'
     871:     end
     872: 
     873:     def test_update_raise_if_key_not_set
  => 874:       assert_raise(OpenSSL::Cipher::CipherError) do
     875:         # it caused OpenSSL SEGV by uninitialized key [Bug #2768]
     876:         OpenSSL::Cipher::AES128.new("ECB").update "." * 17
     877:       end
===============================================================================


Finished in 0.039533178 seconds.

17 tests, 237 assertions, 2 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
88.2353% passed

430.02 tests/s, 5994.96 assertions/s

with fixed ruby:


$ ruby test_cipher.rb
Loaded suite test_cipher
Started
.................

Finished in 0.034317457 seconds.

17 tests, 238 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
100% passed

495.37 tests/s, 6935.25 assertions/s



update ok for me on x86_64

Whiteboard: has_procedure => has_procedure MGA5-64-OK

Nicolas Lécureuil 2016-10-10 09:47:27 CEST

Assignee: pterjan => qa-bugs

Nicolas Lécureuil 2016-10-12 11:10:49 CEST

Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK advisory

Comment 14 Len Lawrence 2016-10-12 18:51:56 CEST
Tested this on i586 in virtualbox.

2 failures before the update, none afterwards.
$ ruby test_cipher.rb
Loaded suite test_cipher
Started
.................

Finished in 0.017511517 seconds.
------
17 tests, 238 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
100% passed
------
970.79 tests/s, 13591.06 assertions/s
Len Lawrence 2016-10-12 18:52:15 CEST

Whiteboard: has_procedure MGA5-64-OK advisory => has_procedure MGA5-64-OK advisory MGA5-32-OK

Len Lawrence 2016-10-12 18:52:43 CEST

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 15 Mageia Robot 2016-10-13 09:21:37 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0342.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

David Walser 2016-10-13 19:57:33 CEST

URL: (none) => http://lwn.net/Vulnerabilities/703466/


Note You need to log in before you can comment on or make changes to this bug.