Upstream has issued an advisory on April 16:
https://www.openssl.org/news/secadv/20180416.txt
The issue is discussed in more depth in this thread:
http://openwall.com/lists/oss-security/2018/04/16/3
Ubuntu has issued an advisory for this on April 19:
https://usn.ubuntu.com/3628-1/
It will be fixed in the next OpenSSL release(s).
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11, nicolas.salguero
Assignee: bugsquad => pkg-bugs
Status comment: (none) => Will be fixed upstream in 1.0.2p
Upstream has issued an advisory on June 12:
https://www.openssl.org/news/secadv/20180612.txt
Ubuntu has issued an advisory for this today (June 26):
https://usn.ubuntu.com/3692-1/
It also lists CVE-2018-0495, a libgcrypt issue that I've read elsewhere doesn't affect OpenSSL, so I'm not sure where they got that from or what they did for that. As for the new issue in this comment (CVE-2018-0732), it will also be fixed in the next OpenSSL release(s).
Summary: openssl new security issue CVE-2018-0737 => openssl new security issues CVE-2018-073[27]
OpenSSL 1.0.2p and 1.1.0i have been released on August 14, fixing these:
https://www.openssl.org/
https://www.openssl.org/news/vulnerabilities.html
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). (CVE-2018-0732)

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). (CVE-2018-0737)

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
https://www.openssl.org/news/secadv/20180612.txt
https://usn.ubuntu.com/3692-1/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
https://www.openssl.org/news/secadv/20180416.txt
http://openwall.com/lists/oss-security/2018/04/16/3
https://usn.ubuntu.com/3628-1/
========================

Updated packages in core/updates_testing:
========================
openssl-1.0.2p-1.mga6
lib(64)openssl-engines1.0.0-1.0.2p-1.mga6
lib(64)openssl1.0.0-1.0.2p-1.mga6
lib(64)openssl-devel-1.0.2p-1.mga6
lib(64)openssl-static-devel-1.0.2p-1.mga6
openssl-perl-1.0.2p-1.mga6

from SRPMS:
openssl-1.0.2p-1.mga6.src.rpm
Assignee: pkg-bugs => qa-bugs
CVE: (none) => CVE-2018-0732, CVE-2018-0737
Status: NEW => ASSIGNED
Version: Cauldron => 6
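A version check against the affected ranges listed in the suggested advisory above, as an added example that is not part of the original bug report or of OpenSSL. The names `AFFECTED`, `parse_version` and `affected_cves` are chosen here, and every sample version line except the 1.0.2p one is constructed.

```python
import re

# Inclusive affected ranges, copied from the suggested advisory text.
AFFECTED = {
    "CVE-2018-0732": [("1.0.2", "1.0.2o"), ("1.1.0", "1.1.0h")],
    "CVE-2018-0737": [("1.0.2b", "1.0.2o"), ("1.1.0", "1.1.0h")],
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return a sortable key for an OpenSSL letter-suffixed version.

    Accepts a bare version ("1.0.2p") or a full `openssl version` line.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % (text,))
    major, minor, fix, patch = match.groups()
    # Patch letters order as "" < "a" < ... < "z" < "za"; keying on the
    # length first keeps two-letter patch levels after single-letter ones.
    return (int(major), int(minor), int(fix), len(patch), patch)


def affected_cves(version_text):
    """List the CVEs from the advisory whose range contains this version."""
    key = parse_version(version_text)
    hits = []
    for cve, ranges in sorted(AFFECTED.items()):
        if any(parse_version(lo) <= key <= parse_version(hi)
               for lo, hi in ranges):
            hits.append(cve)
    return hits


if __name__ == "__main__":
    samples = (
        "OpenSSL 1.0.2p  14 Aug 2018",  # from the QA output in this report
        "OpenSSL 1.0.2a",               # constructed
        "OpenSSL 1.1.0h",               # constructed
    )
    for line in samples:
        print(line, "->", affected_cves(line) or "outside the listed ranges")
```

Distribution packages that backport fixes keep the older upstream version string, so a match here is a prompt to check the package changelog rather than proof that the installed library is vulnerable.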
For Cauldron, a test is failing:
"""
../test/recipes/80-test_cms.t .............. Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/4 subtests
"""
and I do not know how to correct that problem.
MGA5-32 on Dell Latitude D600 Xfce
No installation issues.
Followed tests as per https://wiki.mageia.org/en/QA_procedure:Openssl
at CLI:
$ openssl version -a
OpenSSL 1.0.2p 14 Aug 2018
built on: reproducible build, date unspecified
platform: linux-elf
options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic
$ openssl ciphers -v
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
and a lot more
$ openssl speed
Doing mdc2 for 3s on 16 size blocks: 608758 mdc2's in 2.60s
Doing mdc2 for 3s on 64 size blocks: 172520 mdc2's in 2.69s
Doing mdc2 for 3s on 256 size blocks: 42269 mdc2's in 2.58s
Doing mdc2 for 3s on 1024 size blocks: 10692 mdc2's in 2.60s
Doing mdc2 for 3s on 8192 size blocks: 1350 mdc2's in 2.62s
Doing md4 for 3s on 16 size blocks: 2525784 md4's in 2.29s
Doing md4 for 3s on 64 size blocks: 1710518 md4's in 1.87s
Doing md4 for 3s on 256 size blocks: 1276487 md4's in 2.10s
and so on
$ openssl s_time -connect <myserver>:443
No CIPHER specified
Collecting connection statistics for 30 seconds
1724 connections in 14.80s; 116.49 connections/user sec, bytes read 0
1724 connections in 31 real seconds, 0 bytes read per connection
Now timing with session id reuse.
starting
12068 connections in 6.31s; 1912.52 connections/user sec, bytes read 0
12068 connections in 31 real seconds, 0 bytes read per connection
seems all OK
CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK
Wrong first line, should be: MGA6-32 on IBM Thinkpad R50e
x86_64 plasma install amd 1950X - asus prime x399
I won't include all the data, it's just spam
openssl speed rsa
Doing 512 bit private rsa's for 10s: 255143 512 bit private RSA's in 10.00s
Doing 512 bit public rsa's for 10s: 3660731 512 bit public RSA's in 10.00s
Doing 1024 bit private rsa's for 10s: 90732 1024 bit private RSA's in 10.00s
Doing 1024 bit public rsa's for 10s: 1457374 1024 bit public RSA's in 10.00s
Doing 2048 bit private rsa's for 10s: 13411 2048 bit private RSA's in 10.00s
Doing 2048 bit public rsa's for 10s: 476996 2048 bit public RSA's in 10.00s
Doing 4096 bit private rsa's for 10s: 2002 4096 bit private RSA's in 10.00s
Doing 4096 bit public rsa's for 10s: 130395 4096 bit public RSA's in 10.00s
OpenSSL 1.0.2p 14 Aug 2018
built on: reproducible build, date unspecified
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -Wa,--noexecstack -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
                   sign     verify   sign/s  verify/s
rsa  512 bits 0.000039s 0.000003s  25514.3  366073.1
rsa 1024 bits 0.000110s 0.000007s   9073.2  145737.4
rsa 2048 bits 0.000746s 0.000021s   1341.1   47699.6
rsa 4096 bits 0.004995s 0.000077s    200.2   13039.5
[root@localhost ~]# openssl speed
[...]
but all works OK.
Did the remote test as well, but to an outside website, no problem.
openssl s_time -connect www.xyz.com:443 (not the actual website)
No CIPHER specified
Collecting connection statistics for 30 seconds
206 connections in 0.07s; 2942.86 connections/user sec, bytes read 0
206 connections in 32 real seconds, 0 bytes read per connection
all completed OK
CC: (none) => peter.winterflood
Re comment #8: Thanks for that test Peter - you could give this an OK for 64-bits. I'll do it for you just now.
CC: (none) => tarazed25
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0365.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED