Bug 22934 - openssl new security issues CVE-2018-073[27]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-04-21 23:12 CEST by David Walser
Modified: 2018-09-02 21:08 CEST

See Also:
Source RPM: openssl-1.0.2o-1.mga6.src.rpm
CVE: CVE-2018-0732, CVE-2018-0737
Status comment: Will be fixed upstream in 1.0.2p


Description David Walser 2018-04-21 23:12:28 CEST
Upstream has issued an advisory on April 16:
https://www.openssl.org/news/secadv/20180416.txt

The issue is discussed in more depth in this thread:
http://openwall.com/lists/oss-security/2018/04/16/3

Ubuntu has issued an advisory for this on April 19:
https://usn.ubuntu.com/3628-1/

It will be fixed in the next OpenSSL release(s).

Comment 1 Marja Van Waes 2018-04-22 12:05:38 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11, nicolas.salguero
Assignee: bugsquad => pkg-bugs

David Walser 2018-05-04 08:40:32 CEST

Status comment: (none) => Will be fixed upstream in 1.0.2p

Comment 2 David Walser 2018-06-26 23:12:22 CEST
Upstream has issued an advisory on June 12:
https://www.openssl.org/news/secadv/20180612.txt

Ubuntu has issued an advisory for this today (June 26):
https://usn.ubuntu.com/3692-1/

It also lists CVE-2018-0495, a libgcrypt issue that I've read elsewhere doesn't affect OpenSSL, so I'm not sure where they got that from or what they did for that.

As for the new issue in this comment (CVE-2018-0732), it will also be fixed in the next OpenSSL release(s).

Summary: openssl new security issue CVE-2018-0737 => openssl new security issues CVE-2018-073[27]

Comment 3 David Walser 2018-08-15 12:17:15 CEST
OpenSSL 1.0.2p and 1.1.0i have been released on August 14, fixing these:
https://www.openssl.org/
https://www.openssl.org/news/vulnerabilities.html

Comment 4 Nicolas Salguero 2018-08-27 13:29:03 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). (CVE-2018-0732)

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). (CVE-2018-0737)

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
https://www.openssl.org/news/secadv/20180612.txt
https://usn.ubuntu.com/3692-1/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
https://www.openssl.org/news/secadv/20180416.txt
http://openwall.com/lists/oss-security/2018/04/16/3
https://usn.ubuntu.com/3628-1/
========================

Updated packages in core/updates_testing:
========================
openssl-1.0.2p-1.mga6
lib(64)openssl-engines1.0.0-1.0.2p-1.mga6
lib(64)openssl1.0.0-1.0.2p-1.mga6
lib(64)openssl-devel-1.0.2p-1.mga6
lib(64)openssl-static-devel-1.0.2p-1.mga6
openssl-perl-1.0.2p-1.mga6

from SRPMS:
openssl-1.0.2p-1.mga6.src.rpm

Assignee: pkg-bugs => qa-bugs
CVE: (none) => CVE-2018-0732, CVE-2018-0737
Status: NEW => ASSIGNED
Version: Cauldron => 6
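
Added example, not part of the original bug report and not code from the Mageia or OpenSSL projects: a shell function that maps the first line of `openssl version` output to the affected ranges stated in the suggested advisory in comment 4. The function names `letter_rank` and `affected_cves` are illustrative, and the sample lines other than the 1.0.2p one are constructed.

```shell
#!/bin/sh
# Added example: check an `openssl version` line against the affected ranges
# quoted in the suggested advisory. Function names are illustrative.

# Rank a release letter within its branch: "" -> 0, a -> 1, ..., z -> 26.
letter_rank() {
    if [ -z "$1" ]; then
        echo 0
    else
        # POSIX printf: a leading quote yields the character's code point.
        echo $(( $(printf '%d' "'$1") - 96 ))
    fi
}

# affected_cves LINE  (LINE = first line of `openssl version` output)
# Prints the CVE ids whose stated range contains the version, "none" when the
# version is on a listed branch but outside both ranges, and "unlisted" when
# the advisory gives no range for it (other branches, unparseable input).
affected_cves() {
    local ver branch letter rank out
    out=""
    ver=$(printf '%s\n' "$1" | awk 'NR == 1 { print $2 }')
    case $ver in
        1.0.2|1.0.2[a-z]) branch=1.0.2 ;;
        1.1.0|1.1.0[a-z]) branch=1.1.0 ;;
        *) echo unlisted; return 0 ;;
    esac
    letter=${ver#"$branch"}
    rank=$(letter_rank "$letter")
    if [ "$branch" = 1.0.2 ]; then
        # CVE-2018-0732: 1.0.2 to 1.0.2o
        if [ "$rank" -le 15 ]; then out="CVE-2018-0732"; fi
        # CVE-2018-0737: 1.0.2b to 1.0.2o
        if [ "$rank" -ge 2 ] && [ "$rank" -le 15 ]; then
            out="$out CVE-2018-0737"
        fi
    elif [ "$rank" -le 8 ]; then
        # 1.1.0 branch: both CVEs affect 1.1.0 to 1.1.0h
        out="CVE-2018-0732 CVE-2018-0737"
    fi
    echo "${out:-none}"
}

# Constructed sample lines, except the 1.0.2p line, which is the one the QA
# testers report in this thread.
for line in "OpenSSL 1.0.2p  14 Aug 2018" "OpenSSL 1.0.2o" "OpenSSL 1.0.2a" \
            "OpenSSL 1.1.0h" "OpenSSL 1.1.0i"; do
    printf '%-30s %s\n' "$line" "$(affected_cves "$line")"
done
```

A version string inside a range does not prove a distribution package is unpatched, because distributions may backport fixes without changing the upstream version; the package changelog or advisory is the authoritative source.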

Comment 5 Nicolas Salguero 2018-08-27 13:54:48 CEST
For Cauldron, a test is failing:
"""
../test/recipes/80-test_cms.t .............. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/4 subtests
"""
and I do not know how to correct that problem.

Comment 6 Herman Viaene 2018-08-28 15:23:16 CEST
MGA5-32 on Dell Latitude D600 Xfce
No installation issues.
Followed tests as per https://wiki.mageia.org/en/QA_procedure:Openssl
at CLI:
$ openssl version -a
OpenSSL 1.0.2p  14 Aug 2018
built on: reproducible build, date unspecified
platform: linux-elf
options:  bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) blowfish(idx) 
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic 
$ openssl ciphers -v
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
and a lot more
$ openssl speed
Doing mdc2 for 3s on 16 size blocks: 608758 mdc2's in 2.60s
Doing mdc2 for 3s on 64 size blocks: 172520 mdc2's in 2.69s
Doing mdc2 for 3s on 256 size blocks: 42269 mdc2's in 2.58s
Doing mdc2 for 3s on 1024 size blocks: 10692 mdc2's in 2.60s
Doing mdc2 for 3s on 8192 size blocks: 1350 mdc2's in 2.62s
Doing md4 for 3s on 16 size blocks: 2525784 md4's in 2.29s
Doing md4 for 3s on 64 size blocks: 1710518 md4's in 1.87s
Doing md4 for 3s on 256 size blocks: 1276487 md4's in 2.10s
and so on
$ openssl s_time -connect <myserver>:443
No CIPHER specified
Collecting connection statistics for 30 seconds
1724 connections in 14.80s; 116.49 connections/user sec, bytes read 0
1724 connections in 31 real seconds, 0 bytes read per connection


Now timing with session id reuse.
starting
12068 connections in 6.31s; 1912.52 connections/user sec, bytes read 0
12068 connections in 31 real seconds, 0 bytes read per connection
seems all OK

CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK

Comment 7 Herman Viaene 2018-08-28 15:26:55 CEST
Wrong first line, should be:
MGA6-32 on IBM Thinkpad R50e

Comment 8 peter winterflood 2018-08-30 21:26:14 CEST
x86_64 plasma install
amd 1950X - asus prime x399

I won't include all the data; it's just spam

openssl speed rsa
Doing 512 bit private rsa's for 10s: 255143 512 bit private RSA's in 10.00s
Doing 512 bit public rsa's for 10s: 3660731 512 bit public RSA's in 10.00s
Doing 1024 bit private rsa's for 10s: 90732 1024 bit private RSA's in 10.00s
Doing 1024 bit public rsa's for 10s: 1457374 1024 bit public RSA's in 10.00s
Doing 2048 bit private rsa's for 10s: 13411 2048 bit private RSA's in 10.00s
Doing 2048 bit public rsa's for 10s: 476996 2048 bit public RSA's in 10.00s
Doing 4096 bit private rsa's for 10s: 2002 4096 bit private RSA's in 10.00s
Doing 4096 bit public rsa's for 10s: 130395 4096 bit public RSA's in 10.00s
OpenSSL 1.0.2p  14 Aug 2018
built on: reproducible build, date unspecified
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx) 
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -Wa,--noexecstack -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000039s 0.000003s  25514.3 366073.1
rsa 1024 bits 0.000110s 0.000007s   9073.2 145737.4
rsa 2048 bits 0.000746s 0.000021s   1341.1  47699.6
rsa 4096 bits 0.004995s 0.000077s    200.2  13039.5
[root@localhost ~]# openssl speed

but all works OK.

did the remote test as well, but to an outside website, no problem.

openssl s_time -connect www.xyz.com:443  (not the actual website)
No CIPHER specified
Collecting connection statistics for 30 seconds

206 connections in 0.07s; 2942.86 connections/user sec, bytes read 0
206 connections in 32 real seconds, 0 bytes read per connection

all completed OK

CC: (none) => peter.winterflood

Comment 9 Len Lawrence 2018-09-02 01:36:40 CEST
Re comment #8:

Thanks for that test Peter - you could give this an OK for 64-bits.  I'll do it for you just now.

CC: (none) => tarazed25

Len Lawrence 2018-09-02 01:36:59 CEST

Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK

Thomas Backlund 2018-09-02 19:42:05 CEST

Keywords: (none) => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs

Comment 10 Mageia Robot 2018-09-02 21:08:24 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0365.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

