Bug 32794 - QuicTLS new security issues CVE-2023-5678, CVE-2023-6129, CVE-2023-6237 and CVE-2024-0727
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://www.openssl.org/news/secadv/2...
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on: 32498
Blocks:
Reported: 2024-01-31 03:55 CET by Raphael Gertz
Modified: 2024-02-15 00:03 CET

See Also:
Source RPM: quictls-3.0.12-1.mga9.src.rpm
CVE:
Status comment:


Description Raphael Gertz 2024-01-31 03:55:49 CET
QuicTLS has issued an advisory on November 6:
https://www.openssl.org/news/secadv/20231106.txt

The next QuicTLS version will contain the fix.

The fix is also available in commit ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6
(for 3.1) and commit db925ae2e65d0d925adef429afc37f75bd1c2017 (for 3.0).
Comment 1 Raphael Gertz 2024-01-31 04:01:38 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Excessive time spent in DH check / generation with large Q parameter value. (CVE-2023-5678)

POLY1305 MAC implementation corrupts vector registers on PowerPC. (CVE-2023-6129)

Excessive time spent checking invalid RSA public keys. (CVE-2023-6237)

PKCS12 Decoding crashes. (CVE-2024-0727)

References:
https://www.openssl.org/news/secadv/20231106.txt
https://www.openssl.org/news/secadv/20240109.txt
https://www.openssl.org/news/secadv/20240115.txt
https://www.openssl.org/news/secadv/20240125.txt
========================

Updated packages in core/updates_testing:
========================
lib(64)quictls81.3-3.0.12-1.1.mga9
lib(64)quictls-devel--3.0.12-1.1.mga9
lib(64)quictls-static-devel-3.0.12-1.1.mga9
quictls-3.0.12-1.1.mga9
quictls-perl-3.0.12-1.1.mga9

from SRPM:
quictls-3.0.12-1.1.mga9.src.rpm

Keywords: (none) => advisory
Depends on: (none) => 32498

Raphael Gertz 2024-01-31 04:06:20 CET

Status: NEW => ASSIGNED
QA Contact: (none) => security
Assignee: bugsquad => qa-bugs
CC: (none) => mageia

Marja Van Waes 2024-01-31 21:22:28 CET

Component: RPM Packages => Security
CC: (none) => marja11

Comment 2 Len Lawrence 2024-02-14 20:48:39 CET Comment hidden (obsolete)

CC: (none) => tarazed25

Comment 3 Len Lawrence 2024-02-14 20:59:14 CET Comment hidden (obsolete)
Comment 4 Len Lawrence 2024-02-14 21:09:03 CET
Concerning comments 2 and 3 - wrong bug!
We need another button to invalidate such comments.
Thomas Andrews 2024-02-14 22:11:36 CET

CC: (none) => andrewsfarm

Comment 5 Dave Hodgins 2024-02-14 22:15:07 CET Comment hidden (obsolete)

CC: (none) => davidwhodgins

Comment 6 Thomas Andrews 2024-02-14 22:51:28 CET Comment hidden (obsolete)
Comment 7 Thomas Andrews 2024-02-14 22:54:03 CET
Typo in the package list: Qarepo objected to "lib(64)quictls-devel--3.0.12-1.1.mga9". It should be "lib(64)quictls-devel-3.0.12-1.1.mga9".
Comment 8 Thomas Andrews 2024-02-14 23:04:37 CET
MGA9-64 Plasma in VirtualBox: No installation issues.

Referred to bug 32248 comment 2 for testing guidance:

[tom@localhost ~]$ rpm -q quictls lib64quictls81.3
quictls-3.0.12-1.1.mga9
lib64quictls81.3-3.0.12-1.1.mga9
[tom@localhost ~]$ quictls  s_client -connect rapsys.eu:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = rapsys.eu
verify return:1
---
Certificate chain
 0 s:CN = rapsys.eu
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 29 00:26:34 2023 GMT; NotAfter: Mar 28 00:26:33 2024 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
---
subject=CN = rapsys.eu
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5528 bytes and written 377 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_128_GCM_SHA256
    Session-ID: 002AA403F69E7661550CF75DC03AACDCE57CC02F0326EA9FC84A7CF017FEFAE5
    Session-ID-ctx: 
    Resumption PSK: AB98F394E63B6C200CD3F2E62B6661F87F0868DF2FC3F2140E56C97CA7F34A20
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - f1 43 0c 8c 97 75 de 57-8f 9b 97 46 21 3e 42 d9   .C...u.W...F!>B.
    0010 - 2f d3 6c c6 4a 0d b2 d7-7a d7 d0 6f 0e a6 c5 88   /.l.J...z..o....

    Start Time: 1707947830
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_128_GCM_SHA256
    Session-ID: 24A27DCEB65164AEEFF5E6C7986798A29652B198DE26CD0A4FCC6C0AE01B2CC0
    Session-ID-ctx: 
    Resumption PSK: F33FDD0C711E4DAACFF020914D31B15E709AC4EBA348F0C1926C2D40A7EDF883
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 8c 38 e0 75 de 85 89 2d-af ba a5 9a ca 79 15 0a   .8.u...-.....y..
    0010 - 7e 9d ff cd d7 3b 31 74-ae 74 a5 e3 51 e2 89 ed   ~....;1t.t..Q...

    Start Time: 1707947830
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
HTTP/1.1 408 Request Time-out
Content-length: 110
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>408 Request Time-out</h1>
Your browser didn't send a complete request in time.
</body></html>
closed

Looks in line with the results of the previous bug. Giving this an OK.

Whiteboard: (none) => MGA9-64-OK
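
The two checks from comment 8 (fixed packages installed, then a verified TLS handshake) written as a script. This is an added example, not part of the bug report or of Mageia's QA tooling: the function names are hypothetical, the package names, version-release, host and output lines are those shown in the comment, and the sample input at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the bug report). Both functions read tool output on
# stdin, print one PASS/FAIL line per check, and return 0 only if all passed.
# Live use with the names from comment 8:
#   rpm -q quictls lib64quictls81.3 | check_rpm_versions 3.0.12-1.1.mga9
#   quictls s_client -connect rapsys.eu:443 </dev/null 2>&1 | check_sclient

# Step 1: every queried package must carry the fixed version-release.
check_rpm_versions() {
    want_vr=$1 rc=0 seen=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        seen=1
        case $line in
            *"-$want_vr"|*"-$want_vr".*) echo "PASS $line" ;;
            *) echo "FAIL $line (wanted *-$want_vr)"; rc=1 ;;
        esac
    done
    [ "$seen" -eq 1 ] || { echo "FAIL no rpm output"; rc=1; }
    return "$rc"
}

# Step 2: s_client finishes the handshake even when chain verification fails
# (unless -verify_return_error is given), so check what it reported.
check_sclient() {
    want_proto=${1:-TLSv1.3} rc=0
    transcript=$(cat)
    # Unindented summary line; the indented copies belong to session tickets.
    verify=$(printf '%s\n' "$transcript" | sed -n 's/^Verify return code: //p' | head -n 1)
    case $verify in
        '0 (ok)') echo "PASS verify: $verify" ;;
        *) echo "FAIL verify: ${verify:-no result line}"; rc=1 ;;
    esac
    # "New, <protocol>, Cipher is <suite>"; a failed handshake shows (NONE).
    nego=$(printf '%s\n' "$transcript" |
        sed -n 's/^[A-Za-z]*, \([^,]*\), Cipher is \(.*\)$/\1 \2/p' | head -n 1)
    proto=${nego%% *} cipher=${nego#* }
    if [ "$proto" = "$want_proto" ] && [ "$cipher" != "(NONE)" ]; then
        echo "PASS negotiated: $nego"
    else
        echo "FAIL negotiated: ${nego:-no cipher line} (wanted $want_proto)"; rc=1
    fi
    return "$rc"
}

# Constructed sample input (versions and lines as shown in comment 8).
printf '%s\n' 'quictls-3.0.12-1.1.mga9' 'lib64quictls81.3-3.0.12-1.1.mga9' | check_rpm_versions 3.0.12-1.1.mga9
printf '%s\n' 'New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256' 'Verify return code: 0 (ok)' | check_sclient
```

Redirecting stdin from /dev/null makes s_client exit once the handshake completes instead of idling until the server answers with the 408 seen in the transcript above.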

Comment 9 Thomas Andrews 2024-02-14 23:05:25 CET
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 10 Dave Hodgins 2024-02-14 23:55:27 CET Comment hidden (obsolete)
Comment 11 Mageia Robot 2024-02-15 00:03:47 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0036.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

