Fedora has issued an advisory today (July 14): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/ The issue is fixed upstream in 4.1. Mageia 7 is also affected.
Status comment: (none) => Fixed upstream in 4.1Whiteboard: (none) => MGA7TOO
This SRPM is maintained by various people, so assigning this bug globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). (CVE-2020-13757) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13757 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/ ======================== Updated packages in core/updates_testing: ======================== python2-rsa-4.0-1.1.mga7 python3-rsa-4.0-1.1.mga7 from SRPM: python-rsa-4.0-1.1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)CVE: (none) => CVE-2020-13757Version: Cauldron => 7Status comment: Fixed upstream in 4.1 => (none)Status: NEW => ASSIGNEDCC: (none) => nicolas.salgueroAssignee: pkg-bugs => qa-bugsSource RPM: python-rsa-4.0-3.mga8.src.rpm => python-rsa-4.0-1.mga7.src.rpm
Created attachment 11866 [details] Testcase for 2048-bit cipher https://github.com/sybrenstuvel/python-rsa/issues/146 This works for python3. There is a missing fromhex problem in python2.
CC: (none) => tarazed25
mga7, x86_64 CVE-2020-13757 There are testcases for this at https://github.com/sybrenstuvel/python-rsa/issues/146 Before update: 2048-bit cypher $ python2 pkcs1_2048.py Test with prepended bytes to ciphertext Traceback (most recent call last): File "pkcs1_2048.py", line 61, in <module> ct = bytes.fromhex("00004501b4d669e01b9ef2dc800aa1b06d49196f5a09fe8fbcd037323c60eaf027bfb98432be4e4a26c567ffec718bcbea977dd26812fa071c33808b4d5ebb742d9879806094b6fbeea63d25ea3141733b60e31c6912106e1b758a7fe0014f075193faa8b4622bfd5d3013f0a32190a95de61a3604711bc62945f95a6522bd4dfed0a994ef185b28c281f7b5e4c8ed41176d12d9fc1b837e6a0111d0132d08a6d6f0580de0c9eed8ed105531799482d1e466c68c23b0c222af7fc12ac279bc4ff57e7b4586d209371b38c4c1035edd418dc5f960441cb21ea2bedbfea86de0d7861e81021b650a1de51002c315f1e7c12debe4dcebf790caaa54a2f26b149cf9e77d") AttributeError: type object 'str' has no attribute 'fromhex' $ python3 pkcs1_2048.py Test with prepended bytes to ciphertext [!] No errors in decryption message == pt? True Test with appended bytes to ciphertext [*] Invalid decryption Test with original ciphertext [!] No errors in decryption message == pt? True After updating: Avoided the python2 test because of the missing fromhex module. $ python3 pkcs1_2048.py Test with prepended bytes to ciphertext [*] Invalid decryption Test with appended bytes to ciphertext [*] Invalid decryption Test with original ciphertext [!] No errors in decryption message == pt? True The prepended null bytes test now reyrns invalid, which is the expected behaviour. Running this code is probably a good enough test of the packages but leaving this bug open in case somebody with knowledge of the python2 hinterland can correct the fromhex problem.
Ran the 3072 and 4096-bit testcases as well, after the update. Both worked as expected. $ python3 vector_3072.py Test with prepended bytes to ciphertext [*] Invalid decryption Test with original ciphertext [!] No errors in decryption message == pt? True $ python3 vector_4096.py Test with prepended bytes to ciphertext [*] Invalid decryption Test with original ciphertext [!] No errors in decryption message == pt? True Giving this an OK for 64-bits.
Whiteboard: (none) => MGA7-64-OK
Created attachment 11867 [details] 3072-bit vector testcase for python-rsa Testcase is for malicious insertion of null bytes before enciphered message text. Currently works for python3 only.
Created attachment 11868 [details] 4096-bit vector testcase for python-rsa
Whiteboard: MGA7-64-OK => has_procedure, MGA7-64-OK
Whiteboard: has_procedure, MGA7-64-OK => MGA7-64-OK
CC: (none) => sysadmin-bugsKeywords: (none) => has_procedure, validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0364.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED