25977 – openssl new security issue CVE-2019-1551

Bug 25977 - openssl new security issue CVE-2019-1551

Summary: openssl new security issue CVE-2019-1551

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	7
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:	https://linuxsecurity.com/advisories/...
Whiteboard:	MGA7-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2019-12-28 00:51 CET by Zombie Ryushu
Modified:	2020-01-05 16:40 CET (History)
CC List:	5 users (show)

See Also:
Source RPM:	compat-openssl10-1.0.2t-1.mga7.src.rpm, openssl-1.1.0l-1.mga7.src.rpm
CVE:	CVE-2019-1551
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Zombie Ryushu 2019-12-28 00:51:47 CET

https://linuxsecurity.com/advisories/debian/debian-dsa-4594-1-openssl1-0-security-update-17-13-06

Zombie Ryushu 2019-12-28 00:52:05 CET

CVE: (none) => CVE-2019-1551
Component: RPM Packages => Security

Comment 1 Nicolas Salguero 2019-12-28 15:46:38 CET

Suggested advisory:
========================

The updated packages fix a security vulnerability:

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. (CVE-2019-1551)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551
https://linuxsecurity.com/advisories/debian/debian-dsa-4594-1-openssl1-0-security-update-17-13-06
========================

Updated packages in core/updates_testing:
========================
compat-openssl10-1.0.2u-1.mga7
lib(64)compat-openssl10_1.0.0-1.0.2u-1.mga7
lib(64)compat-openssl10-devel-1.0.2u-1.mga7

from SRPMS:
compat-openssl10-1.0.2u-1.mga7.src.rpm

Source RPM: openssl => compat-openssl10-1.0.2t-1.mga7.src.rpm
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero

Nicolas Salguero 2019-12-28 17:40:47 CET

Assignee: bugsquad => qa-bugs

Comment 2 David Walser 2019-12-29 04:57:24 CET

Upstream advisory:
https://www.openssl.org/news/secadv/20191206.txt

Actual Debian advisory:
https://www.debian.org/security/2019/dsa-4594

This issue likely affects openssl 1.1.0 as well (if it affects 1.0 and 1.1.1, how could it not?), but upstream isn't saying because they're not supporting it anymore.  We need to get a patch from somewhere or backport the commit referenced in the upstream advisory.

Keywords: (none) => feedback
QA Contact: (none) => security
Summary: Guido Vranken discovered an overflow bug in the x64_64 Montgomery squaring procedure => openssl new security issue CVE-2019-1551

Comment 3 Nicolas Salguero 2019-12-29 10:09:22 CET

Updated packages in core/updates_testing:
========================
compat-openssl10-1.0.2u-1.mga7
lib(64)compat-openssl10_1.0.0-1.0.2u-1.mga7
lib(64)compat-openssl10-devel-1.0.2u-1.mga7
openssl-1.1.0l-1.1.mga7
lib(64)openssl1.1-1.1.0l-1.1.mga7
lib(64)openssl-devel-1.1.0l-1.1.mga7
lib(64)openssl-static-devel-1.1.0l-1.1.mga7
openssl-perl-1.1.0l-1.1.mga7

from SRPMS:
compat-openssl10-1.0.2u-1.mga7.src.rpm
openssl-1.1.0l-1.1.mga7.src.rpm

Source RPM: compat-openssl10-1.0.2t-1.mga7.src.rpm => compat-openssl10-1.0.2t-1.mga7.src.rpm, openssl-1.1.0l-1.mga7.src.rpm
Keywords: feedback => (none)

Comment 4 David Walser 2019-12-29 17:37:35 CET

Advisory:
========================

Updated compat-openssl10 and openssl packages fix security vulnerability:

There is an overflow bug in the x64_64 Montgomery squaring procedure used in
exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as
a result of this defect would be very difficult to perform and are not believed
likely. Attacks against DH512 are considered just feasible. However, for an
attack the target would have to re-use the DH512 private key, which is not
recommended anyway. Also applications directly using the low level API
BN_mod_exp may be affected if they use BN_FLG_CONSTTIME (CVE-2019-1551).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551
https://www.openssl.org/news/secadv/20191206.txt

Comment 5 PC LX 2020-01-02 11:55:41 CET

Installed and tested without issue.

The openssl packages are used by lost of other packages in the system and after several days of usage nothing broke. Also did some tests with the openssl command (e.g. create keys and certificates), so I'm giving it an OK.


System: Mageia 7, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.


$ uname -a
Linux marte 5.4.6-desktop-2.mga7 #1 SMP Mon Dec 23 12:05:27 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | egrep 'openssl.*1\.(0|1)' | sort
lib64compat-openssl10_1.0.0-1.0.2u-1.mga7
lib64openssl1.1-1.1.0l-1.1.mga7
libopenssl1.1-1.1.0l-1.1.mga7
openssl-1.1.0l-1.1.mga7

CC: (none) => mageia
Whiteboard: (none) => MGA7-64-OK

Comment 6 Thomas Andrews 2020-01-03 19:59:25 CET

Thank you, PC LX.

Validating. Advisory in Comment 4.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2020-01-05 14:50:42 CET

Keywords: (none) => advisory
CC: (none) => tmb

Comment 7 Mageia Robot 2020-01-05 16:40:21 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0023.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.